last executing test programs:

11.041877679s ago: executing program 3 (id=731):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r1, &(0x7f0000000880)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000840)={&(0x7f0000000dc0)={0xf4, 0x0, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}, @MPTCP_PM_ATTR_ADDR={0x38, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xf071}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x2c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010102}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4045}, 0x80c0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18000094b8978a7206c6533c6a00"/23], &(0x7f0000000d80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x802)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_ext={0x1c, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000202070250000000000000000000002ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2}, 0x10, 0x874d, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000600)=[{0x0, 0x2, 0x0, 0x5}], 0x10, 0x8001}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x23, &(0x7f0000000ac0)=@raw=[@ldst={0x2, 0x0, 0x1, 0x9, 0xa, 0x2, 0xffffffffffffffff}, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x38}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @ringbuf_query, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @ldst={0x2, 0x2, 0x2, 0xa, 0x2, 0x10, 0x4}, @btf_id], &(0x7f0000000440)='GPL\x00', 0x401, 0x93, &(0x7f0000000480)=""/147, 0x41000, 0x0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000780), &(0x7f0000000980)=[{0x1001, 0x1}, {0x1, 0x0, 0xf, 0x6}, {0x5, 0x2, 0x6}, {0x0, 0x2, 0x0, 0x7}, {0x0, 0x3, 0x6}, {0x2, 0x1}, {0x0, 0x0, 0x5, 0x5}, {0x0, 0x3, 0x0, 0x8}], 0x10, 0x7}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r5}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), 0x0, 0x6c, r5}, 0x38)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x20}, [@FRA_DST={0x8, 0x1, @local}, @FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x2f}]}, 0x2c}}, 0x0)
dup(r4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)

10.14865418s ago: executing program 4 (id=735):
sched_setscheduler(0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, 0x0, &(0x7f0000000000)=0x68)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf6700000000000026060200010400004507000002000000240600000ee60000bf050000000000000f630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ff2d350100000000009500000000000000050000000000000095000000000000001f1bd182bd43cb58074e0816289328452c0880fe4b3af9c97925711095cc7d3ebcd8418ffdc4a1da470a14e4391c3fb6915cbff2a4911fe82664d775cdb9dfc83fa32db39b636c1866b526185f4ab35172a74e9afe751664f575306ebb2c2890a4fa79303101a652771ebf209deff747ce60fbe051da73bf6cc2fb4f01e79cd10215d917a116350d60f27fdc244bdab56ee3ad8f5fdf82027a1215bc54045d6b0000bdebcf053aa120397695ffd0f6e5fe24ce4b9143a3d8419fb51331ca5feff69d261621d6b4caab9021437d355be156f270df3170570dfc33dee2f6f9af5318f846ce032f7e214e927fda3156173c318f18b37d2d5c77126f577c7e58514abd70ebec9fe26865b7d1b81d19a01e"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)

9.614810744s ago: executing program 2 (id=740):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c)
syz_emit_ethernet(0xfdef, &(0x7f0000000240)={@local, @remote, @val={@void}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)

9.489656913s ago: executing program 2 (id=741):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket(0x10, 0x3, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000d80)=ANY=[@ANYBLOB="bf16000000000000b7070000060000005070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24b8a4efc02d459d9e32a3aa81d36bb3019c13bd23212fb56f040026fb41f2db3b1639b7bbc9af171b856de734cfe3cafafefc40056bdc17487960007102fa9ea41da123741c66be166992b2dcd72fa0fca047d41886d0d4d94f2f4e345c652fbc1626cca2a2ad35806150ae0209e62f51ee988e6e06c8cedf3ceb9fc404000000c588b277beee1cbf9b0a4def42d410f6accd3637110bec4e90a6341965c39e9ebab0e39622200e011ea661c45a3449abe802f5ab3e3101c0932ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0cd2b6d357b8000018ef4aafad197acc7dc1e955c685ceff7f000000000000491b8bc4748eda186872000007ce468ee23fd2f73902ebcfcf49822775985bf31b405b433a8acd715f5888b2007f00000000000000000100fb0000000000000000ff03000000000000b56780260ed652290f58fa64533500ebffffff00ca1276445432997f0000000000000008e75a89faff01210cce39bf405f1e846c12423a163b33e680846f26dc7add65873d9f87463ad6f7c2f3ee1a39244960b318778f2a047f6d0800000000000000e7a6520602a80d608df4d433623c850af895abba72bf14f6fbd7fbad2a436804eeae1de6d2c740cf0c0b74edbcb2d4b7746fa4bc5e32bd378af7c9136adf32ec7bf48cabecead649f96ea24c329f2c490637c34360cb5d46ce680eeb80127eb23f9902519a693b85c6552051385e7e87a2db762cbb253fbd76b9117c1a11d18aa21a0c5f0c28999a639c0376678be35ffe99ff799a11d9b219c00c369a12bf8685b862d2000000bda1bae489bcef5ae59136aaacc59608f4d4e6067338b521eaf2e2465da053cfd5e95394e5520545364361d2c1465c5461a7c4174e5cd9c7976c9aa6342c5621dbc2dccedb5ab74e0b119252a23352fca272212d0c0104000014593d65d3f5e1e9b294669bcd2df061a4d6a835e40e7302f53f90da24cb256b34e95bca9c512f737486ecd037ce40d0a706a5b05e72f8c218366e321f9109ae4cf44b3b0104154a93394f42b4ab6125e0ba8b1a1d8c473852910b3cb7e8dc795ac01bad9a6b438b9db5f5c926940a3ac36daf2a9dc9d868ec11f51e08bc67a3d598039d328b4677229e8b587e8a00f1733adabd5d2837c084c164cf30010969c79a09ac7a9bffff5bc7e420baa9000cd49f77782205d3f6f4b6aa751f49a6b76e3d23635f1d33b906707563b8ec92dec767cc09fe9936acb43382bfc81c823ba32f25738d863cf20181208e23ce19966e729a7b4eefa68554fa4ccadac05c8eac1b52dd528b124285a16da468e3fcb3d9a24e9d670500956702fe9be5d8207d426450ca622e8e0197270cbb947231baf36e0567c0f5de639c99bb71ca0e60d2decb185cddd74d4f00000000000000000000006ed429a657a8203f6542e9dd19d7a70431aefcb9f1b673512e25503c603f19fa4c39ee9b08aadd2c7555543837770a812207bc2be9c86f94282b325e3097438594670099106f0defa59616d3d18a4c8c04a45c204edfc4cefbd94c4c034dcbc90975b097ece2484b5287105335791eb3061ac500a6728677c72b5b76c18186d6f1a5c74aaddd22dc002fd4bd1bc3409e8d7144689c89f7a5e95fce153d4e9bf0fe0aaa3dfaa443c5081606fda5059146ef94586f5d1658ef0389734108a3af432c730175a7c6e3bb997ed39a0da78527b212001e573492190000"], &(0x7f0000000140)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000047c0)=r3, 0x4)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000010404"], 0x14}}, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180), 0x1c)
r4 = syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080)={@rand_addr=0x64010101, @empty, @remote}, 0xc)
syz_usb_ep_write$ath9k_ep2(r4, 0x83, 0x8, &(0x7f0000000080)=ANY=[])

9.186982688s ago: executing program 4 (id=743):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x43, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
chdir(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)={0x0, 0x0, 0x7, {0x7, 0x0, "47f882f4d1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

9.008429212s ago: executing program 3 (id=745):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

8.91865226s ago: executing program 3 (id=746):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0)
getpid()
sched_setscheduler(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$pptp(0x18, 0x1, 0x2)
ioctl$EVIOCSABS20(0xffffffffffffffff, 0x401845e0, &(0x7f0000000340)={0x0, 0x81, 0x0, 0x5})
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x5}, [@func, @map_fd, @generic, @initr0, @exit, @printk={@p, {0x2, 0x3, 0x3, 0xa, 0x0}, {0x7, 0x1, 0xc, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, 0x0}, 0x90)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=@newlink={0x64, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a9fde5}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x0, 0x1f}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r4}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x64}}, 0x0)

8.712412917s ago: executing program 3 (id=748):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x5, 0x95a6, 0x6d9f3183, 0x24, 0xffffffffffffffff, 0x7fffffff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x4}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="180000230aff98dc", @ANYRES32=r0, @ANYBLOB], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7e12ddc5a89047bf00"})
r3 = syz_open_pts(r2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000200)=0x2)
read(r3, 0x0, 0x2006)
r4 = dup2(r3, r2)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x80001)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
ioctl$USBDEVFS_REAPURB(r6, 0x4008550c, &(0x7f0000002680))
ioctl$USBDEVFS_FREE_STREAMS(r6, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002302230102090500000010000020d3"])
ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRESDEC=r6, @ANYRESHEX=r7, @ANYRES16=r6, @ANYBLOB="0d31a365c0a8e38df2d133d097f438c67c7f022c547c81b634070a7ba44f6c0e7e1e192a443099f39d572edba7104ff73fe1e5d82035911bb7bb2e960de9405063f23eac27d7121257afd9fae8bf271902c3cb8f94e8cece16030e0ea6d2cceb87c1a3a63498ce7a1be92ac7a71ab9d6998c3b55169965fd2894fe8cb91154d8032e6eec85c8092b6a0b673b4ee11953a7379443f2899aa05efa62b11ddbbb85db6db98bd559d49101829da4b6cf126f", @ANYRES32=r4, @ANYRES64=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x90)
r8 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000020961b0a0000000000000109022d000100000000090400000503000000092100000001220500090581034000"], 0x0)
syz_usb_control_io$hid(r8, 0x0, 0x0)
syz_usb_control_io(r8, &(0x7f0000000d40)={0x2c, &(0x7f0000000780)=ANY=[@ANYBLOB='\x00\x00\a\x00\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000180), 0x7, 0x0)
r9 = syz_open_dev$hidraw(&(0x7f0000000940), 0x0, 0x0)
read$hidraw(r9, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
socket$nl_route(0x10, 0x3, 0x0)
r10 = io_uring_setup(0x6f86, &(0x7f0000000000)={0x0, 0x937, 0x2, 0x2, 0x26f})
io_uring_register$IORING_REGISTER_RING_FDS(r10, 0x14, 0x0, 0x0)

8.696041198s ago: executing program 1 (id=750):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = gettid()
r3 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x8002}, 0x1c)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r4}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_FDB={0x4}, @NHA_FDB={0x4}, @NHA_ID={0x8}]}, 0x28}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r7, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000064000000090a010400000000000000000100000008000a40002000000921020073797a32000000d43df61c57f3afc526aa113e000900010073797a30000000000800054000000021280011800a0001006d617463680000001800028008000240000000000a00010071756f7461000000140000001000010000000000000000000000000a"], 0xac}}, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe)
socket$inet6_tcp(0xa, 0x1, 0x0)

7.750064654s ago: executing program 1 (id=753):
sched_setscheduler(0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, 0x0, &(0x7f0000000000)=0x68)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf6700000000000026060200010400004507000002000000240600000ee60000bf050000000000000f630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ff2d350100000000009500000000000000050000000000000095000000000000001f1bd182bd43cb58074e0816289328452c0880fe4b3af9c97925711095cc7d3ebcd8418ffdc4a1da470a14e4391c3fb6915cbff2a4911fe82664d775cdb9dfc83fa32db39b636c1866b526185f4ab35172a74e9afe751664f575306ebb2c2890a4fa79303101a652771ebf209deff747ce60fbe051da73bf6cc2fb4f01e79cd10215d917a116350d60f27fdc244bdab56ee3ad8f5fdf82027a1215bc54045d6b0000bdebcf053aa120397695ffd0f6e5fe24ce4b9143a3d8419fb51331ca5feff69d261621d6b4caab9021437d355be156f270df3170570dfc33dee2f6f9af5318f846ce032f7e214e927fda3156173c318f18b37d2d5c77126f577c7e58514abd70ebec9fe26865b7d1b81d19a01e"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)

6.859598616s ago: executing program 2 (id=754):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = accept(r3, &(0x7f0000001200)=@l2, &(0x7f0000001280)=0x80)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000001300), r0)
sendmsg$SEG6_CMD_GET_TUNSRC(r6, &(0x7f0000001400)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000013c0)={&(0x7f0000001340)={0x44, r7, 0x104, 0x70bd2c, 0x25dfdbfc, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xd93}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x2000a0d0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r8}, 0x2c, {'rootmode', 0x3d, 0x4000}})
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061111800000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x60000000}, 0x70)
r9 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r10, 0x0, 0x11203}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}, @IFLA_BR_FORWARD_DELAY={0x8, 0x1, 0x15}, @IFLA_BR_NF_CALL_IP6TABLES={0x5}, @IFLA_BR_AGEING_TIME={0x8}]}}}]}, 0x5c}}, 0x10)

6.793128861s ago: executing program 4 (id=755):
socket$inet_tcp(0x2, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r3, 0x40045431, 0x0)
syz_open_pts(r3, 0x141601)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, "78a4a500040000000000020800"})
close_range(r3, 0xffffffffffffffff, 0x0)

6.572869619s ago: executing program 0 (id=756):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{}, 'syz1\x00', 0x10})
ioctl$UI_DEV_CREATE(r0, 0x5501)
r1 = syz_open_dev$evdev(&(0x7f0000000340), 0x3f, 0x0)
ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000180)={0x0, 0x0, 0x0, {}, {}, @cond})

5.521859404s ago: executing program 0 (id=757):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x800000, &(0x7f0000001100), 0x1, 0x769, &(0x7f0000000340)="$eJzs3M9rHOUbAPBnptmmP/L9bgQP6kGEFloonSTNpT0ZL+KlUCh4rSGZhJBJtmQ3tYmFtp6F2lwUBNGzHr0Kpf4BXkQKCt4F0RoP4iUym03aptm4bTfZkn4+MNn3nXnffd5nZ/JmBvJuAC+sN8ofScRARFyIiGprfxoRB5ulQxE31tut3r82UW5JrK1d/D0pu8XqWnXzvZLW69FodolXIuJuJeLUh4/HrS8tz44XRb7Qqg815i4P1ZeWT8/MjU/n0/n8yOi54bOjo2eHR7uW6/F3zx2+/f3bKys/ftO49Xrf6STGmnlHK7euBXrI+mdSibEt++d3I1gPJR206duDcQAAsLPyPv9A696sEtU44C4NAAAA9p21/jUAAABg30ui1yMAAAAAdtfG/wFsrO3drXWw7fz2VkQMbhe/r7mGOOJQVCLiyGryyMqEZL0bPJMbNyPiztg211/Suv6e3vCWeidrpNlbd8r5Z2y7+SfdnH9im/mnb+O7E55R+/nvQfwDbea/Cx3G+PbzVytt49+MeK1vu/jJZvykTfz3Oox/a+Wj2+2OrX0ZcWLbvz/JI7F2+H6IoamZYsdfrbv/nLy3U/5HHoufJM2oyc75X+4w/w9W/5xtN5eU8U8e2/n8r8fvf6RfeU183BpHGhG3W69lfWVLjGNzP333eOTkxkb8yTaf//bn/53N/L/oMP9fvu6/2mFTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaEojYiCSNNssp2mWRRyNiJfjSFrU6o1TU7XF+cnyWMRgVNKpmSIfjojqej0p6yPN8oP6mS310Yh46efD60FnijybqBWTvU4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACATUcjYiCSNIuINCL+qqZplvV6VAAAAEDXDfZ6AAAAAMCu8/wPAAAA+9/TPv8nXR4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsK9dOH++3NZW71+bKOuTV5YWZ2tXTk/m9dlsbnEim6gtXM6ma7XpIs8manP/9X5pRIyci8WrQ4283hiqLy1fmqstzjcuzcyNT+eX8sqeZAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCTGmhuSZpFRNosp2mWRfwvIgajkkzNFPlwRPw/Iu5VK/1lfaTXgwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDr6kvLs+NFkS8oPJeFr2LHNpFEPC9DfcELEU/S63p09cT90P28ej0zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQC/Wl5dnxosgX6r0eCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL2V/ppERLmdqB4f2Hr0YPJ3tfkaEe9/dvGTq+ONxsJIuf+Pzf2NT1v7zzzU8fpe5gAAAAD73ptP0njjOX3jOR4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBT9aXl2fGiyBeesVCJiHZt4mavswQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ7GvwEAAP//lhHByQ==")
chdir(&(0x7f0000000080)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000ac0)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f00000002c0)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0046686, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
getpid()
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x2}})

5.457770509s ago: executing program 2 (id=758):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x4, 0x6, 0x80, 0x42}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000540), &(0x7f0000000080), 0x619, r1}, 0x38)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

5.31675398s ago: executing program 4 (id=759):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b703825b845a142602ff00000c000000b700000000000000850000002900000077093000ffffffff8d62fcff01000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7e12ddc5a89047bf00"})
r2 = syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000200))
read(r2, 0x0, 0x2006)
dup2(r2, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
userfaultfd(0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, &(0x7f0000002680))
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002302230102090500000010000020d3"])
r4 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000020961b0a0000000000000109022d000100000000090400000503000000092100000001220500090581034000"], 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f0000000d40)={0x2c, &(0x7f0000000780)=ANY=[@ANYBLOB='\x00\x00\a\x00\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000180), 0x7, 0x0)
r5 = syz_open_dev$hidraw(&(0x7f0000000940), 0x0, 0x0)
read$hidraw(r5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
socket$nl_route(0x10, 0x3, 0x0)
io_uring_register$IORING_REGISTER_RING_FDS(0xffffffffffffffff, 0x14, &(0x7f00000002c0)=[{0x3, 0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)=""/58, 0x3a}, {&(0x7f00000000c0)=""/8, 0x8}, {&(0x7f0000000100)=""/105, 0x69}], &(0x7f00000001c0)}, {0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, &(0x7f0000001d00)=[0x0, 0x8, 0x3fe, 0x9]}, {0x4, 0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001d40)=""/168, 0xa8}, {0x0}, {&(0x7f0000002e00)=""/83, 0x53}, {&(0x7f0000002e80)=""/106, 0x6a}], 0x0}], 0x4)

5.256505205s ago: executing program 1 (id=760):
creat(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x0, 0x0, 0xfffffffb, 0x14, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40000000000}, 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
write(r1, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c1e030200", 0x20)
r2 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4008800}, 0x0)
r3 = socket$inet(0x2, 0x3, 0x2)
sendmmsg(r3, &(0x7f000000ac40)=[{{&(0x7f0000002240)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000002400)=[{&(0x7f00000022c0)="80", 0x1}], 0x1}}, {{&(0x7f0000003540)=@ethernet={0x6, @remote}, 0x80, 0x0}}], 0x2, 0x4000040)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000080), 0x6)

5.164002713s ago: executing program 0 (id=761):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x2004040, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=")
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./bus/file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@bloom_filter={0x1e, 0xe4540000, 0x1a, 0x7ff, 0x2000, 0xffffffffffffffff, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x2, 0x6}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000b40)=ANY=[@ANYBLOB="b702000007150000bfa30000000000000703000000feffff7a0af0ff1100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000009000000b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500630000002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e2b42bf0ed0c8cef3ba2a730a00c87c493dbfa60e63fda97a29682881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000044ec2deaa14cbbf9b5c2221d934088b1f0be0f7d13"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400), 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x1f2f, 0x7, 0x0, &(0x7f00000007c0)="9f449487219195", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x50)
accept4$packet(0xffffffffffffffff, &(0x7f00000012c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0xffffffffffffff07, 0x400)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000ec0)=ANY=[@ANYBLOB="61154c00000000006113500000000000bfa00000000000001503000008004e002d3501000000000095004100000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf590000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf664e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab69a000248e167253472dc89a57c10bb08395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb845129361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386ba3b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f44fc00b69151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cbe8d23810052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a299fa176018054e9149a1c9d20a809ce3000000000000000000000000f6fad8476470bf4bb79d2ba2c0f7147577466f4229b364d6900ad22583c0ec630ea0c6177ad88014b074d88fea473d5ef91ed786bbd3371f0dfcc5ccf4aa82927192aa94fe70a261f1899e1f2f62d50b027f7e7cac8fe3691aa323e71d5e479d466512d1df57633a9006016322978a795431c745f0502e37b8884c368a3f9d5c05a7fb5bd25d95442d09f79c5bd656dccb450cb19c6df406ffcfc414334021df3e4654f84f10070846d3b0679544"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x24, 0x4, 0x2}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r5, &(0x7f0000000080), 0x20000000}, 0x20)

5.080793429s ago: executing program 1 (id=762):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000680)={0x44, 0x0, &(0x7f0000000380)={0x0, 0xa, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r1, &(0x7f0000001140)={0x24, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0}, 0x0)

5.011357885s ago: executing program 3 (id=763):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = gettid()
r3 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x8002}, 0x1c)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r4}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_FDB={0x4}, @NHA_FDB={0x4}, @NHA_ID={0x8}]}, 0x28}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r7, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000064000000090a010400000000000000000100000008000a40002000000921020073797a32000000d43df61c57f3afc526aa113e000900010073797a30000000000800054000000021280011800a0001006d617463680000001800028008000240000000000a00010071756f7461000000140000001000010000000000000000000000000a"], 0xac}}, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe)
socket$inet6_tcp(0xa, 0x1, 0x0)

4.07997642s ago: executing program 0 (id=764):
socket$inet_tcp(0x2, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, 0x0)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, "78a4a500040000000000020800"})
close_range(r2, 0xffffffffffffffff, 0x0)

3.668440404s ago: executing program 3 (id=765):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x43, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
chdir(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)={0x0, 0x0, 0x7, {0x7, 0x0, "47f882f4d1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

2.710262271s ago: executing program 1 (id=766):
socket(0x10, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
accept(r2, &(0x7f0000001200)=@l2, &(0x7f0000001280)=0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}})
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061111800000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x60000000}, 0x70)
socket(0x200000000000011, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, 0x0, 0x11203}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}, @IFLA_BR_FORWARD_DELAY={0x8, 0x1, 0x15}, @IFLA_BR_NF_CALL_IP6TABLES={0x5}, @IFLA_BR_AGEING_TIME={0x8}]}}}]}, 0x5c}}, 0x10)

2.639064797s ago: executing program 4 (id=767):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$EVIOCSABS20(0xffffffffffffffff, 0x401845e0, &(0x7f0000000340)={0x8, 0x81, 0x0, 0x5, 0x0, 0x1787})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x5}, [@func, @map_fd, @generic, @initr0, @exit, @printk={@p, {0x2, 0x3, 0x3, 0xa, 0x0}, {0x7, 0x1, 0xc, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, 0x0}, 0x90)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=@newlink={0x64, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a9fde5}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x0, 0x1f}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r4}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x64}}, 0x0)

2.407083715s ago: executing program 2 (id=768):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000ee0000000000000000000000850000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000280)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x88}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@usrquota}, {@data_err_abort}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r1 = open(&(0x7f0000000140)='./bus\x00', 0x127842, 0x0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)
ftruncate(r2, 0x2007fff)
sendfile(r1, r2, 0x0, 0x1000000201005)

1.280555457s ago: executing program 0 (id=769):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = accept(r3, &(0x7f0000001200)=@l2, &(0x7f0000001280)=0x80)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000001300), r0)
sendmsg$SEG6_CMD_GET_TUNSRC(r6, &(0x7f0000001400)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000013c0)={&(0x7f0000001340)={0x44, r7, 0x104, 0x70bd2c, 0x25dfdbfc, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xd93}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x2000a0d0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r8}, 0x2c, {'rootmode', 0x3d, 0x4000}})
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061111800000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x60000000}, 0x70)
r9 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r10, 0x0, 0x11203}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}, @IFLA_BR_FORWARD_DELAY={0x8, 0x1, 0x15}, @IFLA_BR_NF_CALL_IP6TABLES={0x5}, @IFLA_BR_AGEING_TIME={0x8}]}}}]}, 0x5c}}, 0x10)

1.230903381s ago: executing program 1 (id=770):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000401e04012810000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0)
pipe2$9p(&(0x7f00000000c0), 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
setsockopt$sock_linger(r4, 0x1, 0x3d, &(0x7f0000000080), 0x8)
sendmmsg$sock(r4, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@txtime={{0x18}}], 0x18}}], 0x1, 0x0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f0000000040)={0x4699})

64.681255ms ago: executing program 0 (id=771):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x800000, &(0x7f0000001100), 0x1, 0x769, &(0x7f0000000340)="$eJzs3M9rHOUbAPBnptmmP/L9bgQP6kGEFloonSTNpT0ZL+KlUCh4rSGZhJBJtmQ3tYmFtp6F2lwUBNGzHr0Kpf4BXkQKCt4F0RoP4iUym03aptm4bTfZkn4+MNn3nXnffd5nZ/JmBvJuAC+sN8ofScRARFyIiGprfxoRB5ulQxE31tut3r82UW5JrK1d/D0pu8XqWnXzvZLW69FodolXIuJuJeLUh4/HrS8tz44XRb7Qqg815i4P1ZeWT8/MjU/n0/n8yOi54bOjo2eHR7uW6/F3zx2+/f3bKys/ftO49Xrf6STGmnlHK7euBXrI+mdSibEt++d3I1gPJR206duDcQAAsLPyPv9A696sEtU44C4NAAAA9p21/jUAAABg30ui1yMAAAAAdtfG/wFsrO3drXWw7fz2VkQMbhe/r7mGOOJQVCLiyGryyMqEZL0bPJMbNyPiztg211/Suv6e3vCWeidrpNlbd8r5Z2y7+SfdnH9im/mnb+O7E55R+/nvQfwDbea/Cx3G+PbzVytt49+MeK1vu/jJZvykTfz3Oox/a+Wj2+2OrX0ZcWLbvz/JI7F2+H6IoamZYsdfrbv/nLy3U/5HHoufJM2oyc75X+4w/w9W/5xtN5eU8U8e2/n8r8fvf6RfeU183BpHGhG3W69lfWVLjGNzP333eOTkxkb8yTaf//bn/53N/L/oMP9fvu6/2mFTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaEojYiCSNNssp2mWRRyNiJfjSFrU6o1TU7XF+cnyWMRgVNKpmSIfjojqej0p6yPN8oP6mS310Yh46efD60FnijybqBWTvU4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACATUcjYiCSNIuINCL+qqZplvV6VAAAAEDXDfZ6AAAAAMCu8/wPAAAA+9/TPv8nXR4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsK9dOH++3NZW71+bKOuTV5YWZ2tXTk/m9dlsbnEim6gtXM6ma7XpIs8manP/9X5pRIyci8WrQ4283hiqLy1fmqstzjcuzcyNT+eX8sqeZAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCTGmhuSZpFRNosp2mWRfwvIgajkkzNFPlwRPw/Iu5VK/1lfaTXgwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDr6kvLs+NFkS8oPJeFr2LHNpFEPC9DfcELEU/S63p09cT90P28ej0zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQC/Wl5dnxosgX6r0eCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL2V/ppERLmdqB4f2Hr0YPJ3tfkaEe9/dvGTq+ONxsJIuf+Pzf2NT1v7zzzU8fpe5gAAAAD73ptP0njjOX3jOR4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBT9aXl2fGiyBeesVCJiHZt4mavswQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ7GvwEAAP//lhHByQ==")
chdir(&(0x7f0000000080)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000ac0)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f00000002c0)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0046686, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
getpid()
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0x20)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x2}})

16.796528ms ago: executing program 2 (id=772):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))

0s ago: executing program 4 (id=773):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1868000000", @ANYBLOB="0000000000000000b702000014"], 0x0}, 0x90)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20000010)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x20001400)

kernel console output (not intermixed with test programs):

t_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback.
[   71.744824][ T3864] device veth0_to_hsr entered promiscuous mode
[   71.756458][ T3864] device vlan2 entered promiscuous mode
[   71.800333][ T3864] device veth0_to_hsr left promiscuous mode
[   71.959330][ T3585] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   72.133032][   T23] hub 2-1:0.0: set hub depth failed
[   72.935649][   T23] usb 2-1: USB disconnect, device number 3
[   73.031501][ T3872] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   73.072035][ T3585] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[   73.088066][ T3585] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.100480][ T3875] loop2: detected capacity change from 0 to 512
[   73.108420][ T3585] usb 5-1: config 0 descriptor??
[   73.185354][ T3875] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[   73.196309][ T3875] EXT4-fs (loop2): group descriptors corrupted!
[   73.569168][ T3888] loop1: detected capacity change from 0 to 2048
[   73.591521][ T3585] [drm:udl_init] *ERROR* Selecting channel failed
[   73.606338][ T3585] [drm] Initialized udl 0.0.1 20120220 for 5-1:0.0 on minor 2
[   73.619654][ T3585] [drm] Initialized udl on minor 2
[   73.647704][ T3585] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[   73.656851][ T3585] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[   73.679923][ T3888] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   73.682711][ T3585] usb 5-1: USB disconnect, device number 3
[   73.729925][ T3888] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002]
[   73.746972][ T3888] System zones: 0-19
[   73.796998][ T3888] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   73.961992][ T3893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.100'.
[   74.207319][ T3901] loop4: detected capacity change from 0 to 256
[   74.247891][ T3903] af_packet: tpacket_rcv: packet too big, clamped from 64989 to 3952. macoff=96
[   74.384247][ T3901] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xff6f124c, utbl_chksum : 0xe619d30d)
[   74.853551][ T3916] device veth0_vlan left promiscuous mode
[   74.860068][ T3916] device veth0_vlan entered promiscuous mode
[   74.926132][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   74.955772][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   74.994731][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   75.806707][ T3925] device veth0_to_hsr entered promiscuous mode
[   75.813057][ T3925] device vlan2 entered promiscuous mode
[   75.840913][ T3925] device veth0_to_hsr left promiscuous mode
[   75.873176][ T3926] netlink: 8 bytes leftover after parsing attributes in process `syz.3.113'.
[   76.154249][ T3935] syz.3.114 sent an empty control message without MSG_MORE.
[   76.272601][    T7] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   76.356104][ T1069] cfg80211: failed to load regulatory.db
[   76.385005][ T3512] ath6kl: Failed to init ath6kl core: -71
[   76.461399][ T3512] ath6kl_usb: probe of 4-1:0.0 failed with error -71
[   76.509321][ T3512] usb 4-1: USB disconnect, device number 3
[   76.641349][    T7] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[   76.660919][    T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.713687][    T7] usb 5-1: config 0 descriptor??
[   76.953557][ T3946] xt_CT: You must specify a L4 protocol and not use inversions on it
[   76.984654][ T3912] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   77.019449][ T3949] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   77.067929][  T150] block nbd2: Attempted send on invalid socket
[   77.075352][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
[   77.093440][ T3946] SQUASHFS error: Failed to read block 0x0: -5
[   77.102834][ T3946] unable to read squashfs_super_block
[   77.191216][    T7] [drm:udl_init] *ERROR* Selecting channel failed
[   77.205548][    T7] [drm] Initialized udl 0.0.1 20120220 for 5-1:0.0 on minor 2
[   77.213360][    T7] [drm] Initialized udl on minor 2
[   77.233671][    T7] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[   77.247740][    T7] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[   77.275268][    T7] usb 5-1: USB disconnect, device number 4
[   78.071231][ T3512] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   78.481241][ T3512] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   78.518587][ T3512] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[   78.537221][ T3512] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.588693][ T3512] usb 4-1: config 0 descriptor??
[   78.642748][ T3512] pwc: Askey VC010 type 2 USB webcam detected.
[   78.838785][ T3953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   79.071297][ T3512] pwc: recv_control_msg error -32 req 02 val 2b00
[   79.121246][ T3512] pwc: recv_control_msg error -32 req 02 val 2700
[   79.171276][ T3512] pwc: recv_control_msg error -32 req 02 val 2c00
[   79.231303][ T3512] pwc: recv_control_msg error -32 req 04 val 1000
[   79.291207][ T3512] pwc: recv_control_msg error -32 req 04 val 1300
[   79.541317][ T3512] pwc: recv_control_msg error -71 req 02 val 2000
[   79.571454][ T3512] pwc: recv_control_msg error -71 req 02 val 2100
[   79.598912][ T3512] pwc: recv_control_msg error -71 req 04 val 1500
[   79.631308][ T3512] pwc: recv_control_msg error -71 req 02 val 2500
[   79.671847][ T3512] pwc: recv_control_msg error -71 req 02 val 2400
[   79.831301][ T3512] pwc: recv_control_msg error -71 req 02 val 2600
[   79.851231][ T3512] pwc: recv_control_msg error -71 req 02 val 2900
[   79.952891][ T3512] pwc: recv_control_msg error -71 req 02 val 2800
[   79.991425][ T3512] pwc: recv_control_msg error -71 req 04 val 1100
[   80.018526][ T3512] pwc: recv_control_msg error -71 req 04 val 1200
[   80.640204][ T3512] pwc: Registered as video71.
[   80.694748][ T3512] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[   80.836159][ T3512] usb 4-1: USB disconnect, device number 4
[   80.917776][ T4014] netlink: 24 bytes leftover after parsing attributes in process `syz.3.143'.
[   81.115835][ T4018] xt_CT: You must specify a L4 protocol and not use inversions on it
[   81.159744][  T150] block nbd1: Attempted send on invalid socket
[   81.166046][  T150] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
[   81.189235][ T4018] SQUASHFS error: Failed to read block 0x0: -5
[   81.198330][ T4018] unable to read squashfs_super_block
[   81.201338][ T3525] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   81.398682][ T4027] netlink: 12 bytes leftover after parsing attributes in process `syz.4.147'.
[   81.513234][ T4029] 8021q: adding VLAN 0 to HW filter on device bond1
[   81.523774][ T4029] bond0: (slave bond1): Enslaving as an active interface with an up link
[   81.581248][ T3525] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   81.653847][ T3525] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[   81.734819][ T3525] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.881915][ T3525] usb 3-1: config 0 descriptor??
[   82.891255][ T3525] ath6kl: Failed to submit usb control message: -71
[   82.910368][ T3525] ath6kl: unable to send the bmi data to the device: -71
[   82.943049][ T3525] ath6kl: Unable to send get target info: -71
[   82.980220][ T3525] ath6kl: Failed to init ath6kl core: -71
[   83.040272][ T3525] ath6kl_usb: probe of 3-1:0.0 failed with error -71
[   83.103761][ T3525] usb 3-1: USB disconnect, device number 2
[   83.185592][ T4049] netlink: 72 bytes leftover after parsing attributes in process `syz.4.154'.
[   84.020120][ T4053] netlink: 24 bytes leftover after parsing attributes in process `syz.4.156'.
[   84.218231][ T4060] netlink: 12 bytes leftover after parsing attributes in process `syz.1.159'.
[   84.689065][ T4066] loop1: detected capacity change from 0 to 1024
[   85.398293][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.454730][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.483831][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.505518][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.538390][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.552852][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.578453][ T4070] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.628648][ T4070] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.686912][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.717241][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.735432][ T4051] loop2: detected capacity change from 0 to 32768
[   85.757648][ T4070] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.816679][ T4070] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.831409][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.850167][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.868234][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.877596][ T4051] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1
[   85.877596][ T4051] 
[   85.885982][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.907151][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.919223][ T4051] ERROR: (device loop2): remounting filesystem as read-only
[   85.925538][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.939828][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.942320][ T4051] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 3
[   85.942320][ T4051] 
[   85.966670][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   85.978537][ T4063] loop4: detected capacity change from 0 to 32768
[   85.983750][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.002788][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.004926][ T4051] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[   86.004926][ T4051] 
[   86.020381][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.038493][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.048502][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.104990][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.119189][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.129251][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.175598][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.188903][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.200145][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.210759][ T4063] XFS (loop4): Mounting V5 Filesystem
[   86.218261][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.226667][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.234309][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.242221][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.249537][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.257702][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.265491][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.274498][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.283595][ T4066] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.292937][   T26] audit: type=1800 audit(1720554647.047:2): pid=4066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.161" name="file1" dev="loop1" ino=20 res=0 errno=0
[   86.363391][    T9] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.374339][ T4063] XFS (loop4): Ending clean mount
[   86.417075][    T9] hfsplus: request for non-existent node 16777216 in B*Tree
[   86.647569][ T3514] XFS (loop4): Unmounting Filesystem
[   86.825321][ T4095] netlink: 72 bytes leftover after parsing attributes in process `syz.1.166'.
[   86.858251][ T4096] xt_CT: You must specify a L4 protocol and not use inversions on it
[   86.883233][  T150] block nbd2: Attempted send on invalid socket
[   86.889585][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
[   86.926238][ T4096] SQUASHFS error: Failed to read block 0x0: -5
[   86.932814][ T3512] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   86.940540][ T4096] unable to read squashfs_super_block
[   86.946545][   T23] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   87.237196][   T23] usb 4-1: Using ep0 maxpacket: 32
[   87.323253][ T3512] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[   87.348577][ T3512] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.371280][   T23] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[   87.386002][ T3512] usb 1-1: config 0 descriptor??
[   87.393327][   T23] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[   87.408117][   T23] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[   87.424505][   T23] usb 4-1: config 1 has no interface number 0
[   87.439049][   T23] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 255, changing to 11
[   87.451471][   T23] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 59391, setting to 1024
[   87.470910][   T23] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[   87.491833][   T23] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[   87.502547][   T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.558624][ T4090] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[   87.584251][   T23] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[   87.707981][ T4104] netlink: 24 bytes leftover after parsing attributes in process `syz.1.171'.
[   87.799780][ T4090] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[   87.858034][   T23] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[   87.891465][ T3512] [drm:udl_init] *ERROR* Selecting channel failed
[   87.940521][ T3512] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2
[   87.975119][ T3512] [drm] Initialized udl on minor 2
[   88.011153][ T3512] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[   88.045585][ T3512] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[   88.094442][ T3512] usb 1-1: USB disconnect, device number 2
[   88.109549][ T1069] usb 4-1: USB disconnect, device number 5
[   88.283938][ T1069] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[   89.282578][ T4114] binder: 4112:4114 ioctl 400c620e 20000140 returned -22
[   89.787774][ T4106] loop1: detected capacity change from 0 to 32768
[   89.843569][ T4106] XFS (loop1): Mounting V5 Filesystem
[   89.887387][ T4106] XFS (loop1): Ending clean mount
[   89.900394][ T4106] XFS (loop1): Quotacheck needed: Please wait.
[   89.938807][ T4106] XFS (loop1): Quotacheck: Done.
[   89.976195][ T3506] XFS (loop1): Unmounting Filesystem
[  119.661281][ T3557] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  119.704201][ T4168] netlink: 12 bytes leftover after parsing attributes in process `syz.3.188'.
[  119.747897][ T4168] 8021q: adding VLAN 0 to HW filter on device bond1
[  119.762907][ T4168] bond0: (slave bond1): Enslaving as an active interface with an up link
[  119.771733][ T1069] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  119.811335][ T4171] loop2: detected capacity change from 0 to 512
[  119.871234][ T3525] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  119.880467][ T4171] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  119.903206][ T4171] ext4 filesystem being mounted at /30/bus supports timestamps until 2038 (0x7fffffff)
[  119.921239][ T3557] usb 1-1: Using ep0 maxpacket: 16
[  119.957281][   T26] audit: type=1804 audit(1720554680.707:3): pid=4171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.189" name="/newroot/30/bus/bus" dev="loop2" ino=18 res=1 errno=0
[  120.051322][ T3557] usb 1-1: config index 0 descriptor too short (expected 24929, got 18)
[  120.059703][ T3557] usb 1-1: config 97 has too many interfaces: 97, using maximum allowed: 32
[  120.114386][ T3557] usb 1-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config
[  120.130403][ T3557] usb 1-1: config 97 has 0 interfaces, different from the descriptor's value: 97
[  120.171562][ T1069] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  120.187508][ T1069] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.197982][ T1069] usb 5-1: config 0 descriptor??
[  120.352491][ T3525] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  120.363603][ T3557] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  120.380655][ T3557] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  120.389150][ T3525] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  120.405282][ T3557] usb 1-1: Product: syz
[  120.409480][ T3557] usb 1-1: Manufacturer: syz
[  120.415625][ T3525] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  120.430636][ T3525] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.111176][ T1069] [drm:udl_init] *ERROR* Selecting channel failed
[  121.182400][ T3525] usb 2-1: config 0 descriptor??
[  121.217751][ T1069] [drm] Initialized udl 0.0.1 20120220 for 5-1:0.0 on minor 2
[  121.240730][ T1069] [drm] Initialized udl on minor 2
[  121.501160][ T1069] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  121.996962][ T3525] hid (null): bogus close delimiter
[  122.196725][ T1069] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  122.205553][ T1069] usb 5-1: USB disconnect, device number 5
[  122.625132][ T4217] input: syz1 as /devices/virtual/input/input6
[  122.711254][ T3525] usb 2-1: string descriptor 0 read error: -71
[  122.731741][ T3525] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #200: -71
[  122.746110][ T3525] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71
[  122.757370][ T3525] uclogic 0003:256C:006D.0001: failed probing pen v2 parameters: -71
[  122.765808][ T3525] uclogic 0003:256C:006D.0001: failed probing parameters: -71
[  122.777408][ T3525] uclogic: probe of 0003:256C:006D.0001 failed with error -71
[  122.837072][ T3525] usb 2-1: USB disconnect, device number 4
[  123.455033][ T3557] r8152-cfgselector 1-1: Unknown version 0x0000
[  123.540139][ T3557] r8152-cfgselector 1-1: USB disconnect, device number 3
[  123.841083][ T1066] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  124.261316][ T1066] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  124.351083][ T1066] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.652468][ T1066] usb 2-1: config 0 descriptor??
[  124.892463][ T4253] input: syz1 as /devices/virtual/input/input7
[  125.101741][ T4257] netlink: 84 bytes leftover after parsing attributes in process `syz.3.216'.
[  125.151181][ T1066] [drm:udl_init] *ERROR* Selecting channel failed
[  125.179613][ T1066] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2
[  125.195468][ T4261] loop4: detected capacity change from 0 to 512
[  125.217108][ T1066] [drm] Initialized udl on minor 2
[  125.251140][ T1066] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  125.290473][ T1066] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  125.349817][ T1066] usb 2-1: USB disconnect, device number 5
[  125.460674][ T4261] EXT4-fs error (device loop4): ext4_ext_check_inode:501: inode #15: comm syz.4.218: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
[  125.488806][ T4273] netlink: 4 bytes leftover after parsing attributes in process `syz.2.223'.
[  125.511369][ T4270] syzkaller0: tun_chr_ioctl cmd 21731
[  125.547299][ T4261] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.218: couldn't read orphan inode 15 (err -117)
[  125.572772][ T4273] device team0 entered promiscuous mode
[  125.578368][ T4273] device team_slave_0 entered promiscuous mode
[  125.617353][ T4261] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  125.651213][ T4261] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038 (0x7fffffff)
[  125.691443][ T4273] device team_slave_1 entered promiscuous mode
[  125.799704][ T4274] team0: Port device team_slave_0 removed
[  125.855770][ T4272] device team0 left promiscuous mode
[  125.895761][ T4272] device team_slave_1 left promiscuous mode
[  126.028849][ T4284] netlink: 16 bytes leftover after parsing attributes in process `syz.3.227'.
[  126.061158][ T1069] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  126.361284][ T1069] usb 5-1: Using ep0 maxpacket: 16
[  126.491308][ T1069] usb 5-1: config index 0 descriptor too short (expected 24929, got 18)
[  126.507114][ T1069] usb 5-1: config 97 has too many interfaces: 97, using maximum allowed: 32
[  126.517385][ T4299] netlink: 8 bytes leftover after parsing attributes in process `syz.3.232'.
[  126.518230][ T1069] usb 5-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config
[  126.538462][ T1069] usb 5-1: config 97 has 0 interfaces, different from the descriptor's value: 97
[  126.683300][ T1069] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  126.697197][ T1069] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  126.717013][ T1069] usb 5-1: Product: syz
[  126.729673][ T1069] usb 5-1: Manufacturer: syz
[  127.315142][ T4317] netlink: 4 bytes leftover after parsing attributes in process `syz.2.238'.
[  127.789480][ T4301] loop1: detected capacity change from 0 to 32768
[  127.904014][ T4331] netlink: 8 bytes leftover after parsing attributes in process `syz.0.245'.
[  128.020009][ T4301] XFS (loop1): Mounting V5 Filesystem
[  128.136329][ T4301] XFS (loop1): Ending clean mount
[  128.147749][ T4301] XFS (loop1): Quotacheck needed: Please wait.
[  128.217324][ T4301] XFS (loop1): Quotacheck: Done.
[  128.405696][ T3506] XFS (loop1): Unmounting Filesystem
[  128.431699][ T1069] r8152-cfgselector 5-1: Unknown version 0x0000
[  128.460143][ T1069] r8152-cfgselector 5-1: USB disconnect, device number 6
[  128.528458][ T4354] loop4: detected capacity change from 0 to 164
[  128.632928][ T4354] Unable to read rock-ridge attributes
[  129.332200][ T4355] Unable to read rock-ridge attributes
[  129.451446][ T4362] loop2: detected capacity change from 0 to 128
[  129.634051][ T4354] Unable to read rock-ridge attributes
[  129.639924][ T4354] iso9660: Corrupted directory entry in block 4 of inode 1792
[  129.803145][ T4362] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  129.886725][ T4362] ext4 filesystem being mounted at /49/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  130.271320][ T1066] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  130.469409][ T4375] netlink: 4 bytes leftover after parsing attributes in process `syz.3.255'.
[  130.506395][ T4375] device team0 entered promiscuous mode
[  130.519377][ T4375] device team_slave_0 entered promiscuous mode
[  130.526180][ T4375] device team_slave_1 entered promiscuous mode
[  130.577019][ T4375] team0: Port device team_slave_0 removed
[  130.622184][ T4373] device team0 left promiscuous mode
[  130.639855][ T4373] device team_slave_1 left promiscuous mode
[  131.001115][ T1066] usb 5-1: Using ep0 maxpacket: 8
[  131.187524][ T1066] usb 5-1: config 0 has no interfaces?
[  132.071375][ T1066] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  132.137436][ T1066] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.160846][ T1066] usb 5-1: Product: syz
[  132.165768][ T1066] usb 5-1: Manufacturer: syz
[  132.170567][ T1066] usb 5-1: SerialNumber: syz
[  132.196282][ T1066] usb 5-1: config 0 descriptor??
[  132.434792][ T4405] netlink: 'syz.3.267': attribute type 5 has an invalid length.
[  132.464947][ T4369] udc-core: couldn't find an available UDC or it's busy
[  132.481310][ T4369] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  132.508971][ T4407] netlink: 40 bytes leftover after parsing attributes in process `syz.1.266'.
[  132.662446][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  132.669037][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[  132.813967][  T264] block nbd2: Attempted send on invalid socket
[  132.820173][  T264] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  132.910302][ T4369] udc-core: couldn't find an available UDC or it's busy
[  132.961247][ T4369] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  133.012452][ T4369] udc-core: couldn't find an available UDC or it's busy
[  133.019501][ T4369] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  133.211258][ T4427] netlink: 4 bytes leftover after parsing attributes in process `syz.3.273'.
[  133.506480][ T3557] usb 5-1: USB disconnect, device number 7
[  135.191121][ T3512] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  135.591192][ T3512] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.651080][ T3512] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  135.731375][ T3512] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  135.797678][ T3512] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.862060][ T3512] usb 5-1: config 0 descriptor??
[  136.571494][ T3512] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  136.623082][ T3512] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  136.750286][ T4472] ebt_limit: overflow, try lower: 0/0
[  137.382324][ T3585] usb 5-1: USB disconnect, device number 8
[  137.499702][ T4477] netlink: 24 bytes leftover after parsing attributes in process `syz.3.290'.
[  137.732631][ T4480] device syzkaller0 entered promiscuous mode
[  138.076960][ T1066] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  138.961112][ T1066] usb 2-1: Using ep0 maxpacket: 8
[  139.081210][ T1066] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  139.090297][ T1066] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.152539][ T1066] usb 2-1: config 0 descriptor??
[  139.341318][   T23] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  140.262284][   T23] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  140.335775][ T4514] ebt_limit: overflow, try lower: 0/0
[  140.395287][   T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.603890][   T23] usb 3-1: config 0 descriptor??
[  141.011157][ T1066] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  141.028925][ T4515] loop4: detected capacity change from 0 to 2048
[  141.046406][ T1066] asix: probe of 2-1:0.0 failed with error -71
[  141.086609][ T1066] usb 2-1: USB disconnect, device number 6
[  141.191348][   T23] [drm:udl_init] *ERROR* Selecting channel failed
[  141.230049][   T23] [drm] Initialized udl 0.0.1 20120220 for 3-1:0.0 on minor 2
[  141.249605][   T23] [drm] Initialized udl on minor 2
[  141.301271][   T23] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  141.345459][  T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.355306][   T23] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  141.429498][   T23] usb 3-1: USB disconnect, device number 3
[  141.461426][ T4522] loop1: detected capacity change from 0 to 512
[  141.478616][  T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.506325][ T3512] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed
[  141.538931][ T3512] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed
[  141.553119][ T3512] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  141.583397][ T4522] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  141.605139][ T4522] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038 (0x7fffffff)
[  141.656616][  T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.835991][ T3525] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  142.141319][ T3525] usb 4-1: Using ep0 maxpacket: 32
[  142.296087][ T3525] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36
[  142.374716][  T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.425564][ T4506] chnl_net:caif_netlink_parms(): no params data found
[  142.512373][ T3525] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  142.542080][ T3525] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.580469][ T3525] usb 4-1: Product: syz
[  142.584495][   T23] Bluetooth: hci5: command 0x0409 tx timeout
[  142.587203][ T3525] usb 4-1: Manufacturer: syz
[  142.610342][ T3525] usb 4-1: SerialNumber: syz
[  142.698236][ T3525] usb 4-1: config 0 descriptor??
[  142.741628][ T4524] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  142.821679][ T3525] hub 4-1:0.0: bad descriptor, ignoring hub
[  142.835446][ T3525] hub: probe of 4-1:0.0 failed with error -5
[  142.856526][ T3525] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input8
[  142.976359][ T4506] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.003222][ T4506] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.052599][ T4506] device bridge_slave_0 entered promiscuous mode
[  143.089386][ T4506] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.098696][ T4506] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.114537][ T1066] usb 4-1: USB disconnect, device number 6
[  143.121092][    C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  143.157140][ T4506] device bridge_slave_1 entered promiscuous mode
[  143.335992][ T4506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  143.360629][ T4506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  143.378205][ T4546] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  143.525165][ T4506] team0: Port device team_slave_0 added
[  143.562615][ T4506] team0: Port device team_slave_1 added
[  143.758509][ T4506] batman_adv: batadv0: Adding interface: batadv_slave_0
[  143.796361][ T4506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.910563][ T4506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  143.953984][ T4506] batman_adv: batadv0: Adding interface: batadv_slave_1
[  143.979940][ T4506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.064986][ T4506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  144.274232][ T4506] device hsr_slave_0 entered promiscuous mode
[  144.317127][ T4506] device hsr_slave_1 entered promiscuous mode
[  144.343820][ T4506] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  144.371881][ T4506] Cannot create hsr debugfs directory
[  144.378760][ T4541] loop1: detected capacity change from 0 to 32768
[  144.452348][ T4541] resize option for remount only
[  144.578646][ T4578] loop2: detected capacity change from 0 to 512
[  144.621232][ T3557] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  144.734263][ T4583] ODEBUG: Out of memory. ODEBUG disabled
[  144.989833][ T3554] Bluetooth: hci5: command 0x041b tx timeout
[  145.085120][ T4578] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  145.106441][ T4584] netlink: 72 bytes leftover after parsing attributes in process `syz.1.321'.
[  145.141392][ T4578] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038 (0x7fffffff)
[  145.211109][ T3557] usb 4-1: Using ep0 maxpacket: 8
[  145.331336][ T3557] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  145.459545][ T3557] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.504237][ T3557] usb 4-1: config 0 descriptor??
[  145.625048][ T4596] loop1: detected capacity change from 0 to 2048
[  145.660691][  T144] device hsr_slave_0 left promiscuous mode
[  145.675476][  T144] device hsr_slave_1 left promiscuous mode
[  145.713306][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  145.720828][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  145.771333][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  145.778852][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  145.790741][ T4596] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  145.796560][ T4604] loop4: detected capacity change from 0 to 2048
[  145.821520][  T144] device bridge_slave_1 left promiscuous mode
[  145.836479][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.877213][  T144] device bridge_slave_0 left promiscuous mode
[  145.899307][ T4604] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  145.920496][ T4596] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.322: bg 0: block 234: padding at end of block bitmap is not set
[  145.946736][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.008232][ T4604] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.323: bg 0: block 234: padding at end of block bitmap is not set
[  146.076608][ T4596] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 117
[  146.099917][ T4604] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 117
[  146.107661][ T4596] EXT4-fs (loop1): This should not happen!! Data will be lost
[  146.107661][ T4596] 
[  146.124686][ T4604] EXT4-fs (loop4): This should not happen!! Data will be lost
[  146.124686][ T4604] 
[  146.135889][  T144] device veth1_macvtap left promiscuous mode
[  146.151459][  T144] device veth0_macvtap left promiscuous mode
[  146.189004][  T144] device veth1_vlan left promiscuous mode
[  146.197223][  T144] device veth0_vlan left promiscuous mode
[  146.589131][  T144] team0 (unregistering): Port device team_slave_1 removed
[  146.604898][  T144] team0 (unregistering): Port device team_slave_0 removed
[  146.619174][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  146.639717][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  146.651678][ T3557] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  146.662075][ T3557] asix: probe of 4-1:0.0 failed with error -71
[  146.671217][ T3557] usb 4-1: USB disconnect, device number 7
[  146.771572][ T4623] fuse: Bad value for 'fd'
[  146.810687][  T144] bond0 (unregistering): Released all slaves
[  146.838028][ T4625] loop2: detected capacity change from 0 to 512
[  146.928948][ T4615] netlink: 4 bytes leftover after parsing attributes in process `syz.1.325'.
[  146.950136][ T4625] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  146.961338][ T4625] ext4 filesystem being mounted at /64/bus supports timestamps until 2038 (0x7fffffff)
[  147.139069][   T23] Bluetooth: hci5: command 0x040f tx timeout
[  147.186686][ T4629] loop4: detected capacity change from 0 to 2048
[  147.364674][ T4629] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  147.521585][ T4506] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  147.532879][ T4506] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  147.557768][ T4506] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  147.582436][ T4642] netlink: 72 bytes leftover after parsing attributes in process `syz.3.331'.
[  147.595521][ T4506] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  148.251524][ T4649] loop4: detected capacity change from 0 to 512
[  148.376360][ T4649] EXT4-fs (loop4): Test dummy encryption mode enabled
[  148.472196][ T4649] EXT4-fs error (device loop4): __ext4_iget:4861: inode #11: block 1: comm syz.4.333: invalid block
[  148.491316][ T4649] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.333: couldn't read orphan inode 11 (err -117)
[  148.503679][ T4649] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none.
[  148.590102][ T4661] loop1: detected capacity change from 0 to 512
[  148.605357][ T4506] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.694757][ T3525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  148.714525][ T3525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  148.741872][ T4661] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  148.763031][ T4506] 8021q: adding VLAN 0 to HW filter on device team0
[  148.832839][ T3525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  148.853071][ T4661] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038 (0x7fffffff)
[  148.878416][ T3525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  148.927417][ T3525] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.934804][ T3525] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.994747][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  149.011808][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  149.041899][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  149.062171][ T3551] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.069353][ T3551] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.101583][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  149.171669][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  149.202030][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  149.225308][   T23] Bluetooth: hci5: command 0x0419 tx timeout
[  149.238318][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  149.850136][ T3525] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  149.862173][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  149.872410][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  149.888109][ T4506] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  149.945157][ T4506] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  150.028908][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  150.048756][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  150.089251][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  150.122521][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  150.151607][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  150.179929][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  150.221389][ T3525] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  150.244556][ T3525] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.286126][ T3525] usb 4-1: config 0 descriptor??
[  150.443034][ T3552] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  150.450810][ T3552] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  150.499666][ T4506] 8021q: adding VLAN 0 to HW filter on device batadv0
[  150.591523][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  150.898383][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  150.951547][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  150.970219][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  151.024950][ T4721] netlink: 72 bytes leftover after parsing attributes in process `syz.2.343'.
[  151.040734][ T3552] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  151.069113][ T3552] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  151.121983][ T4506] device veth0_vlan entered promiscuous mode
[  151.131279][ T3525] [drm:udl_init] *ERROR* Selecting channel failed
[  151.197453][ T4506] device veth1_vlan entered promiscuous mode
[  151.205423][ T3525] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2
[  151.238392][ T3525] [drm] Initialized udl on minor 2
[  151.291862][ T3525] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  151.360527][ T3525] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  151.428823][ T3525] usb 4-1: USB disconnect, device number 8
[  151.436808][ T4506] device veth0_macvtap entered promiscuous mode
[  151.476398][ T3552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  151.497614][ T4728] loop2: detected capacity change from 0 to 512
[  151.500002][ T3552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  151.525078][ T4506] device veth1_macvtap entered promiscuous mode
[  151.540715][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  151.557606][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  151.606517][ T4506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.625278][ T4506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.637959][ T4506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.666369][ T4728] EXT4-fs (loop2): Test dummy encryption mode enabled
[  151.683536][ T4506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.717385][ T4734] loop1: detected capacity change from 0 to 512
[  151.741138][ T4506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.763463][ T4728] EXT4-fs error (device loop2): __ext4_iget:4861: inode #11: block 1: comm syz.2.345: invalid block
[  151.784979][ T4506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.800013][ T4506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.810839][ T4728] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.345: couldn't read orphan inode 11 (err -117)
[  151.824887][ T4728] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none.
[  151.831951][ T4506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.006977][ T4506] batman_adv: batadv0: Interface activated: batadv_slave_0
[  152.059992][ T3552] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  152.096151][ T3552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  152.120697][ T4734] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  152.165015][ T4734] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038 (0x7fffffff)
[  152.212231][ T4506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  152.265198][ T4506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.291396][ T4506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  152.310449][ T4506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.327400][ T4506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  152.356167][ T4506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.386909][ T4506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  152.576007][ T4506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.620529][ T4506] batman_adv: batadv0: Interface activated: batadv_slave_1
[  152.676449][ T3557] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  152.694248][ T3557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  152.777766][ T4506] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  152.826058][ T4506] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  152.876442][ T4506] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  152.947606][ T4506] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  153.025362][ T4761] netlink: 72 bytes leftover after parsing attributes in process `syz.2.354'.
[  153.356712][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.408848][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.506853][ T3557] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  153.557153][ T3730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.599915][ T3730] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.696995][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  153.741065][ T3552] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  154.108171][ T4781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  154.118390][ T3552] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  154.146325][ T3552] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.193846][ T3552] usb 2-1: config 0 descriptor??
[  154.413355][ T4790] loop2: detected capacity change from 0 to 512
[  154.603538][ T4790] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  154.618258][ T4790] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038 (0x7fffffff)
[  154.697319][ T3552] [drm:udl_init] *ERROR* Selecting channel failed
[  155.394413][ T3552] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2
[  155.415394][ T3552] [drm] Initialized udl on minor 2
[  155.441116][ T3552] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  155.449674][ T3552] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  155.459535][ T3552] usb 2-1: USB disconnect, device number 7
[  155.594556][ T4798] device pim6reg1 entered promiscuous mode
[  156.338667][ T4807] loop2: detected capacity change from 0 to 512
[  156.407522][ T4807] EXT4-fs (loop2): Test dummy encryption mode enabled
[  156.458276][ T4807] EXT4-fs error (device loop2): __ext4_iget:4861: inode #11: block 1: comm syz.2.371: invalid block
[  156.481493][ T4807] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.371: couldn't read orphan inode 11 (err -117)
[  156.500790][ T4803] netlink: 72 bytes leftover after parsing attributes in process `syz.1.370'.
[  156.537039][ T4812] loop0: detected capacity change from 0 to 1024
[  156.546877][ T4807] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none.
[  156.646021][ T4812] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  156.776890][ T4812] EXT4-fs (loop0): can't mount with journal_async_commit, fs mounted w/o journal
[  156.812135][ T4822] netlink: 'syz.3.378': attribute type 2 has an invalid length.
[  156.841493][ T4822] netlink: 200 bytes leftover after parsing attributes in process `syz.3.378'.
[  156.920077][   T26] audit: type=1326 audit(1720554717.667:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4818 comm="syz.4.377" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f26035a6bd9 code=0x0
[  157.251153][    T7] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  158.203710][ T4855] tmpfs: Unknown parameter 'ÿÿ'
[  158.411221][    T7] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  158.728224][    T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.743952][    T7] usb 3-1: config 0 descriptor??
[  159.221192][    T7] [drm:udl_init] *ERROR* Selecting channel failed
[  159.242308][    T7] [drm] Initialized udl 0.0.1 20120220 for 3-1:0.0 on minor 2
[  159.270290][    T7] [drm] Initialized udl on minor 2
[  159.311182][    T7] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  159.341875][    T7] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  159.391319][    T7] usb 3-1: USB disconnect, device number 4
[  159.571717][ T4884] loop1: detected capacity change from 0 to 512
[  159.783268][ T4884] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  159.817471][ T4884] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038 (0x7fffffff)
[  161.761081][ T3585] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  161.924591][   T26] audit: type=1326 audit(1720554722.677:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4916 comm="syz.2.409" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f980c549bd9 code=0x0
[  162.211427][ T3585] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  162.220513][ T3585] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.271533][ T3585] usb 4-1: config 0 descriptor??
[  162.276846][ T4934] loop1: detected capacity change from 0 to 128
[  162.471077][ T4934] loop1: detected capacity change from 128 to 0
[  162.507360][ T4939] loop4: detected capacity change from 0 to 2048
[  162.549717][    C1] blk_update_request: I/O error, dev loop1, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.581493][ T4934] FAT-fs (loop1): Directory bread(block 3) failed
[  162.606911][    C0] blk_update_request: I/O error, dev loop1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.618443][ T4934] FAT-fs (loop1): Directory bread(block 4) failed
[  162.626347][    C1] blk_update_request: I/O error, dev loop1, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.629608][ T4939] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  162.653114][ T4934] FAT-fs (loop1): Directory bread(block 5) failed
[  162.680558][    C0] blk_update_request: I/O error, dev loop1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.692233][ T4934] FAT-fs (loop1): Directory bread(block 6) failed
[  162.791392][ T3585] [drm:udl_init] *ERROR* Selecting channel failed
[  162.801102][    C0] blk_update_request: I/O error, dev loop1, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.812171][ T3506] FAT-fs (loop1): Directory bread(block 3) failed
[  162.820877][ T3585] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2
[  162.834914][ T3585] [drm] Initialized udl on minor 2
[  162.847646][    C0] blk_update_request: I/O error, dev loop1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.858678][ T3506] FAT-fs (loop1): Directory bread(block 4) failed
[  162.865663][ T3585] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  162.880638][ T3585] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  162.883577][    C0] blk_update_request: I/O error, dev loop1, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.898694][ T3506] FAT-fs (loop1): Directory bread(block 5) failed
[  162.914643][    C1] blk_update_request: I/O error, dev loop1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.926067][ T3506] FAT-fs (loop1): Directory bread(block 6) failed
[  162.941038][ T3585] usb 4-1: USB disconnect, device number 9
[  162.962942][   T21] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  162.987931][   T21] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed
[  162.989154][    C0] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.007034][   T21] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  163.007390][ T3506] FAT-fs (loop1): unable to read boot sector to mark fs as dirty
[  163.257712][ T4948] loop2: detected capacity change from 0 to 512
[  163.267080][ T4946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'.
[  163.288929][ T4946] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  163.347724][ T4951] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  163.422834][ T3506] syz-executor (3506) used greatest stack depth: 19576 bytes left
[  163.434135][ T4948] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  163.465992][ T4948] ext4 filesystem being mounted at /83/file1 supports timestamps until 2038 (0x7fffffff)
[  163.495611][ T3636] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.712261][ T3636] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.745331][ T4968] loop4: detected capacity change from 0 to 256
[  163.955207][   T26] audit: type=1326 audit(1720554724.707:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4959 comm="syz.3.426" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1500df8bd9 code=0x0
[  164.232483][ T4968] exfat: Bad value for 'uid'
[  164.286438][ T3636] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.476706][ T4978] loop2: detected capacity change from 0 to 1024
[  164.526439][ T3636] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.649581][ T4983] loop4: detected capacity change from 0 to 512
[  164.667540][ T4978] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  164.797839][ T4983] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000400000,minixdf,,errors=continue. Quota mode: writeback.
[  164.840420][ T4983] ext4 filesystem being mounted at /85/bus supports timestamps until 2038 (0x7fffffff)
[  164.971258][    T7] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  165.137367][ T4998] loop2: detected capacity change from 0 to 64
[  165.265868][ T5001] loop4: detected capacity change from 0 to 8
[  165.275595][ T4973] chnl_net:caif_netlink_parms(): no params data found
[  165.351311][    T7] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  165.388366][    T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.442323][    T7] usb 4-1: config 0 descriptor??
[  165.584149][ T5011] loop2: detected capacity change from 0 to 512
[  165.705541][ T5011] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  165.750145][ T4973] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.767453][ T5011] ext4 filesystem being mounted at /87/file1 supports timestamps until 2038 (0x7fffffff)
[  165.778019][ T4973] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.787600][ T4973] device bridge_slave_0 entered promiscuous mode
[  165.818523][ T4973] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.828803][ T4973] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.001157][    T7] [drm:udl_init] *ERROR* Selecting channel failed
[  166.008883][ T4973] device bridge_slave_1 entered promiscuous mode
[  166.020402][    T7] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2
[  166.124128][    T7] [drm] Initialized udl on minor 2
[  166.155356][    T7] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  166.272678][    T7] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  166.321588][    T7] usb 4-1: USB disconnect, device number 10
[  166.401291][ T4973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  166.454534][ T4973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  166.500723][ T3554] Bluetooth: hci0: command 0x0409 tx timeout
[  166.732866][ T4973] team0: Port device team_slave_0 added
[  166.775633][ T4973] team0: Port device team_slave_1 added
[  166.894503][ T4973] batman_adv: batadv0: Adding interface: batadv_slave_0
[  166.919424][ T4973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  166.960262][   T26] audit: type=1326 audit(1720554727.707:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.2.440" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f980c549bd9 code=0x0
[  167.026658][ T4973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.090899][ T4973] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.099200][ T4973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.232195][ T4973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.423300][ T5048] loop0: detected capacity change from 0 to 512
[  167.445528][ T4973] device hsr_slave_0 entered promiscuous mode
[  167.456174][ T5012] loop4: detected capacity change from 0 to 40427
[  167.466038][ T4973] device hsr_slave_1 entered promiscuous mode
[  167.482156][ T4973] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  167.496388][ T4973] Cannot create hsr debugfs directory
[  167.545286][ T5048] EXT4-fs (loop0): 1 truncate cleaned up
[  167.605898][ T5048] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  167.667820][ T5012] F2FS-fs (loop4): Found nat_bits in checkpoint
[  167.769579][ T5065] loop2: detected capacity change from 0 to 1024
[  167.867806][ T3636] device hsr_slave_0 left promiscuous mode
[  167.875524][ T3636] device hsr_slave_1 left promiscuous mode
[  167.882440][ T3636] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  167.890182][ T3636] batman_adv: batadv0: Removing interface: batadv_slave_0
[  167.898650][ T3636] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  167.906646][ T3636] batman_adv: batadv0: Removing interface: batadv_slave_1
[  167.916175][ T3636] device bridge_slave_1 left promiscuous mode
[  167.922878][ T3636] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.942292][ T3636] device bridge_slave_0 left promiscuous mode
[  167.950052][ T3636] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.987143][ T3636] device veth1_macvtap left promiscuous mode
[  167.999655][ T3636] device veth0_macvtap left promiscuous mode
[  168.007662][ T3636] device veth1_vlan left promiscuous mode
[  168.019822][ T3636] device veth0_vlan left promiscuous mode
[  168.197383][ T5065] attempt to access beyond end of device
[  168.197383][ T5065] loop2: rw=0, want=201326594, limit=1024
[  168.274031][ T5012] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  168.374440][ T5065] Buffer I/O error on dev loop2, logical block 100663296, async page read
[  168.507266][ T5065] hfsplus: unable to mark blocks free: error -5
[  168.514392][ T5065] hfsplus: can't free extent
[  168.581381][ T1069] Bluetooth: hci0: command 0x041b tx timeout
[  168.632576][ T5076] netlink: 72 bytes leftover after parsing attributes in process `syz.0.450'.
[  168.895446][ T3636] team0 (unregistering): Port device team_slave_1 removed
[  168.926441][ T3636] team0 (unregistering): Port device team_slave_0 removed
[  168.945505][ T3636] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  168.964513][ T3636] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  169.184416][ T3636] bond0 (unregistering): Released all slaves
[  169.517786][ T5094] netlink: 32 bytes leftover after parsing attributes in process `syz.2.456'.
[  169.743593][ T5111] loop0: detected capacity change from 0 to 512
[  169.805762][ T5107] device vlan2 entered promiscuous mode
[  169.831384][ T5107] device xfrm0 entered promiscuous mode
[  169.859015][ T5111] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  169.900881][ T5107] team0: Port device vlan2 added
[  169.941075][ T5123] netlink: 72 bytes leftover after parsing attributes in process `syz.4.464'.
[  170.051545][ T5111] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038 (0x7fffffff)
[  170.817795][   T21] Bluetooth: hci0: command 0x040f tx timeout
[  171.114768][ T5145] netlink: 'syz.2.471': attribute type 2 has an invalid length.
[  171.124628][ T5146] netlink: 72 bytes leftover after parsing attributes in process `syz.4.468'.
[  171.155231][ T5145] netlink: 'syz.2.471': attribute type 8 has an invalid length.
[  171.227130][ T5145] netlink: 132 bytes leftover after parsing attributes in process `syz.2.471'.
[  171.242198][ T1069] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  171.323109][ T4973] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  171.373596][ T4973] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  171.427161][ T4973] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  171.497869][ T4973] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  171.521153][ T1069] usb 4-1: Using ep0 maxpacket: 8
[  171.616001][ T5153] xt_cgroup: xt_cgroup: no path or classid specified
[  171.661304][ T1069] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  171.679872][ T1069] usb 4-1: config 179 has no interface number 0
[  171.723923][ T1069] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  171.835270][ T1069] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  171.891358][ T4973] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.898845][ T1069] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  171.947041][ T1069] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  171.985063][ T4973] 8021q: adding VLAN 0 to HW filter on device team0
[  172.003676][ T1069] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  172.058050][ T5177] loop4: detected capacity change from 0 to 512
[  172.072465][ T1069] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  172.268126][ T1069] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.307783][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  172.321552][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  172.334690][ T5140] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  172.335138][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  172.351548][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  172.360428][   T23] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.367547][   T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.379524][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  172.413338][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  172.427088][   T23] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.434463][   T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[  172.435488][ T5177] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  172.461732][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  172.470939][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  172.480774][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  172.489734][ T5187] netlink: 72 bytes leftover after parsing attributes in process `syz.2.477'.
[  172.502514][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  172.521847][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  172.530139][ T5177] ext4 filesystem being mounted at /97/file1 supports timestamps until 2038 (0x7fffffff)
[  172.530754][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  172.549038][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  172.557749][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  172.566402][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  172.587483][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  172.618949][ T4973] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  172.640473][ T3585] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input9
[  172.664781][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  172.686587][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  172.919594][ T3585] Bluetooth: hci0: command 0x0419 tx timeout
[  173.201830][ T5193] netlink: 8 bytes leftover after parsing attributes in process `syz.2.478'.
[  173.213428][ T3525] usb 4-1: USB disconnect, device number 11
[  173.231025][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  173.239362][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  173.294025][ T3525] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  173.636304][ T5210] netlink: 8 bytes leftover after parsing attributes in process `syz.0.481'.
[  173.673433][ T5210] netlink: 8 bytes leftover after parsing attributes in process `syz.0.481'.
[  173.730758][   T26] audit: type=1326 audit(1720554734.477:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  173.771973][ T4973] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.818359][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  173.837380][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  173.855697][   T26] audit: type=1326 audit(1720554734.477:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  174.148361][   T26] audit: type=1326 audit(1720554734.487:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  174.264563][ T5226] device veth1_macvtap left promiscuous mode
[  174.281063][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  174.326217][   T26] audit: type=1326 audit(1720554734.497:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  174.355493][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  174.419087][ T5235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.488'.
[  174.460197][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  174.471291][ T5231] netlink: 72 bytes leftover after parsing attributes in process `syz.0.487'.
[  174.489249][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  174.491081][   T26] audit: type=1326 audit(1720554734.497:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  174.518518][ T4973] device veth0_vlan entered promiscuous mode
[  174.664424][   T26] audit: type=1326 audit(1720554734.497:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  174.671800][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  175.089305][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  175.115326][ T4973] device veth1_vlan entered promiscuous mode
[  175.162692][   T26] audit: type=1326 audit(1720554734.497:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  175.207951][   T26] audit: type=1326 audit(1720554734.497:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  175.261856][ T5255] loop2: detected capacity change from 0 to 256
[  175.319061][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  175.331976][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  175.340178][   T26] audit: type=1326 audit(1720554734.497:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  175.379120][ T4973] device veth0_macvtap entered promiscuous mode
[  175.411764][ T5255] exfat: Deprecated parameter 'namecase'
[  175.429427][ T4973] device veth1_macvtap entered promiscuous mode
[  175.439429][   T26] audit: type=1326 audit(1720554734.497:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz.2.482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f980c549bd9 code=0x7ffc0000
[  175.448857][ T5255] exfat: Deprecated parameter 'utf8'
[  175.479230][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  175.498040][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  175.530172][ T4973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  175.545625][ T5255] exfat: Deprecated parameter 'namecase'
[  175.998768][ T5255] exfat: Deprecated parameter 'utf8'
[  176.061326][ T3585] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  176.147299][ T4973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.440660][ T4973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.445975][ T3552] Bluetooth: hci2: command 0x0406 tx timeout
[  176.457449][ T3552] Bluetooth: hci3: command 0x0406 tx timeout
[  176.493789][ T4973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.523871][ T4973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.534869][ T4973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.545416][ T3585] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  176.554770][ T4973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.571024][ T3585] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.589468][ T4973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.605587][ T3585] usb 5-1: config 0 descriptor??
[  176.653781][ T4973] batman_adv: batadv0: Interface activated: batadv_slave_0
[  176.673212][ T5273] netlink: 8 bytes leftover after parsing attributes in process `syz.3.500'.
[  176.709497][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  176.729967][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  176.762658][ T5282] loop0: detected capacity change from 0 to 128
[  176.770470][ T5255] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d)
[  176.775979][ T4973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  176.821680][ T4973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.861005][ T4973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  176.931058][ T4973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.972120][ T4973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  177.008674][ T4973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  177.031660][ T4973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  177.048885][ T4973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  177.062086][ T4973] batman_adv: batadv0: Interface activated: batadv_slave_1
[  177.073971][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  177.084091][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  177.108727][ T4973] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.298244][ T3585] [drm:udl_init] *ERROR* Selecting channel failed
[  177.365541][ T3585] [drm] Initialized udl 0.0.1 20120220 for 5-1:0.0 on minor 2
[  177.393532][ T4973] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  177.444985][ T3585] [drm] Initialized udl on minor 2
[  177.474509][ T4973] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  177.511061][ T3585] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  177.551249][ T4973] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  177.589716][ T3585] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  177.708206][ T3585] usb 5-1: USB disconnect, device number 9
[  179.535942][ T3767] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.544882][ T3767] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.922437][ T5321] netlink: 72 bytes leftover after parsing attributes in process `syz.0.504'.
[  179.945770][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  180.049205][ T3638] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.078599][ T3638] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.079841][ T5326] netlink: 8 bytes leftover after parsing attributes in process `syz.2.511'.
[  180.112804][ T5328] loop4: detected capacity change from 0 to 512
[  180.152409][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  180.338089][ T5333] loop2: detected capacity change from 0 to 512
[  180.343570][ T5328] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.512: invalid indirect mapped block 10 (level 1)
[  180.367526][ T5343] loop1: detected capacity change from 0 to 512
[  180.488078][ T5328] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.512: invalid indirect mapped block 8 (level 1)
[  180.504680][ T5333] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  180.513541][ T5328] EXT4-fs (loop4): 1 truncate cleaned up
[  180.530271][ T5328] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  180.551473][ T5333] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038 (0x7fffffff)
[  180.596483][ T5357] netlink: 1 bytes leftover after parsing attributes in process `syz.3.518'.
[  180.598332][ T5343] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.427: inode #1: comm syz.1.427: iget: illegal inode #
[  180.656039][ T5343] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.427: error while reading EA inode 1 err=-117
[  180.771988][ T5343] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  180.817765][ T5343] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.427: inode #1: comm syz.1.427: iget: illegal inode #
[  180.854766][ T5343] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.427: error while reading EA inode 1 err=-117
[  180.901174][ T1069] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  180.965843][ T5343] EXT4-fs (loop1): 1 orphan inode deleted
[  180.973238][ T5343] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,journal_dev=0x0000000000000dcc,,errors=continue. Quota mode: writeback.
[  181.049511][ T5343] EXT4-fs error (device loop1): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.1.427: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  181.229631][ T5378] netlink: 72 bytes leftover after parsing attributes in process `syz.4.522'.
[  181.291747][ T1069] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  181.343747][ T1069] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.382901][ T5385] netlink: 8 bytes leftover after parsing attributes in process `syz.1.524'.
[  181.394035][ T1069] usb 4-1: config 0 descriptor??
[  181.437531][ T5370] loop2: detected capacity change from 0 to 8192
[  181.542293][ T5370] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  182.661189][ T1069] [drm:udl_init] *ERROR* Selecting channel failed
[  182.715266][ T1069] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2
[  182.775523][ T1069] [drm] Initialized udl on minor 2
[  182.808060][ T1069] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  182.858210][ T1069] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  182.868405][ T5400] netlink: 16 bytes leftover after parsing attributes in process `syz.1.530'.
[  182.908640][ T1069] usb 4-1: USB disconnect, device number 12
[  182.933297][ T5402] loop2: detected capacity change from 0 to 512
[  183.112263][ T5402] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  183.156783][ T5402] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038 (0x7fffffff)
[  183.525678][ T3927] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  183.549761][ T5383] loop0: detected capacity change from 0 to 40427
[  183.559156][ T5418] netlink: 8 bytes leftover after parsing attributes in process `syz.1.536'.
[  183.812835][ T3927] usb 5-1: Using ep0 maxpacket: 8
[  183.891687][ T5383] F2FS-fs (loop0): invalid crc value
[  183.951329][ T3927] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  183.967452][ T3927] usb 5-1: config 179 has no interface number 0
[  183.987398][ T5383] F2FS-fs (loop0): Found nat_bits in checkpoint
[  184.031408][ T3927] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  184.119482][ T3927] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  184.191259][ T3927] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  184.266817][ T5383] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  184.438494][ T3927] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  184.450212][ T3927] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  184.464438][ T3927] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  184.468372][ T5435] netlink: 72 bytes leftover after parsing attributes in process `syz.3.539'.
[  184.473578][ T3927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.501819][ T5408] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  185.414213][ T5439] netlink: 16 bytes leftover after parsing attributes in process `syz.1.543'.
[  185.624931][ T5444] loop1: detected capacity change from 0 to 2048
[  185.803838][ T5444] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  185.950630][ T3512] usb 5-1: USB disconnect, device number 10
[  185.971031][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  185.979364][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  186.486988][   T26] kauditd_printk_skb: 19 callbacks suppressed
[  186.487004][   T26] audit: type=1804 audit(1720554747.237:37): pid=5444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.545" name="/newroot/12/file1/bus" dev="loop1" ino=18 res=1 errno=0
[  186.550616][ T5450] loop0: detected capacity change from 0 to 8192
[  186.588558][ T3557] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  186.612192][ T4973] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  186.659658][ T5450] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  186.693130][   T26] audit: type=1800 audit(1720554747.447:38): pid=5450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.542" name="bus" dev="loop0" ino=1048751 res=0 errno=0
[  186.797386][ T5450] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1050)
[  186.807993][ T5450] FAT-fs (loop0): Filesystem has been set read-only
[  186.826125][ T5450] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1050)
[  186.846503][ T5450] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1050)
[  186.930146][ T5464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.547'.
[  187.051922][ T4506] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1050)
[  187.487296][ T5471] loop4: detected capacity change from 0 to 256
[  187.837493][ T3557] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  187.848421][ T3557] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.861275][ T3557] usb 3-1: config 0 descriptor??
[  187.903148][ T5471] FAT-fs (loop4): Directory bread(block 64) failed
[  187.909774][ T5471] FAT-fs (loop4): Directory bread(block 65) failed
[  187.910780][ T5475] loop0: detected capacity change from 0 to 512
[  187.916615][ T5471] FAT-fs (loop4): Directory bread(block 66) failed
[  187.929258][ T5471] FAT-fs (loop4): Directory bread(block 67) failed
[  187.935896][ T5471] FAT-fs (loop4): Directory bread(block 68) failed
[  187.942525][ T5471] FAT-fs (loop4): Directory bread(block 69) failed
[  187.949217][ T5471] FAT-fs (loop4): Directory bread(block 70) failed
[  187.955824][ T5471] FAT-fs (loop4): Directory bread(block 71) failed
[  187.963612][ T5471] FAT-fs (loop4): Directory bread(block 72) failed
[  187.970187][ T5471] FAT-fs (loop4): Directory bread(block 73) failed
[  187.979303][ T5473] device syzkaller0 entered promiscuous mode
[  188.077189][ T5475] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  188.086683][ T5477] loop1: detected capacity change from 0 to 256
[  188.110584][ T5475] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038 (0x7fffffff)
[  188.182055][ T5477] FAT-fs (loop1): Directory bread(block 64) failed
[  188.291841][ T5477] FAT-fs (loop1): Directory bread(block 65) failed
[  188.341437][ T3557] [drm:udl_init] *ERROR* Selecting channel failed
[  188.366300][ T5477] FAT-fs (loop1): Directory bread(block 66) failed
[  188.373364][ T5477] FAT-fs (loop1): Directory bread(block 67) failed
[  188.380353][ T5477] FAT-fs (loop1): Directory bread(block 68) failed
[  188.387163][ T5477] FAT-fs (loop1): Directory bread(block 69) failed
[  188.392903][ T3557] [drm] Initialized udl 0.0.1 20120220 for 3-1:0.0 on minor 2
[  188.393968][ T5477] FAT-fs (loop1): Directory bread(block 70) failed
[  188.407818][ T5477] FAT-fs (loop1): Directory bread(block 71) failed
[  188.475202][ T5477] FAT-fs (loop1): Directory bread(block 72) failed
[  188.482128][ T5477] FAT-fs (loop1): Directory bread(block 73) failed
[  189.157245][ T3557] [drm] Initialized udl on minor 2
[  189.182125][ T3557] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  189.288273][ T3557] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  189.297968][ T5487] netlink: 72 bytes leftover after parsing attributes in process `syz.3.556'.
[  189.311797][ T3525] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  189.324801][ T3557] usb 3-1: USB disconnect, device number 5
[  189.671460][ T3525] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.701708][ T3525] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.741238][ T3525] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  189.771187][ T3525] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.858536][ T3525] usb 5-1: config 0 descriptor??
[  190.811720][ T3525] hid (null): bogus close delimiter
[  191.967418][ T5521] loop2: detected capacity change from 0 to 256
[  192.071125][ T3525] usb 5-1: string descriptor 0 read error: -71
[  192.093529][ T3525] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #200: -71
[  192.112718][ T3525] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71
[  192.120846][ T3525] uclogic 0003:256C:006D.0003: failed probing pen v2 parameters: -71
[  192.126455][ T5521] FAT-fs (loop2): Directory bread(block 64) failed
[  192.169300][ T3525] uclogic 0003:256C:006D.0003: failed probing parameters: -71
[  192.187079][ T3525] uclogic: probe of 0003:256C:006D.0003 failed with error -71
[  192.197495][ T5521] FAT-fs (loop2): Directory bread(block 65) failed
[  192.217598][ T3525] usb 5-1: USB disconnect, device number 11
[  192.264570][ T5521] FAT-fs (loop2): Directory bread(block 66) failed
[  192.331106][ T5521] FAT-fs (loop2): Directory bread(block 67) failed
[  192.341396][ T5521] FAT-fs (loop2): Directory bread(block 68) failed
[  192.371163][ T5521] FAT-fs (loop2): Directory bread(block 69) failed
[  192.377847][ T5521] FAT-fs (loop2): Directory bread(block 70) failed
[  192.425027][ T5521] FAT-fs (loop2): Directory bread(block 71) failed
[  192.461295][ T5521] FAT-fs (loop2): Directory bread(block 72) failed
[  192.483313][ T5521] FAT-fs (loop2): Directory bread(block 73) failed
[  192.689833][ T5523] loop4: detected capacity change from 0 to 512
[  192.841234][ T5523] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  192.868950][ T5523] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038 (0x7fffffff)
[  193.784557][ T5534] netlink: 72 bytes leftover after parsing attributes in process `syz.0.570'.
[  193.911121][ T3585] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  194.113359][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  194.119792][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[  194.331187][ T3585] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  194.351755][ T3585] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.396157][ T3585] usb 4-1: config 0 descriptor??
[  194.598423][ T5559] loop2: detected capacity change from 0 to 256
[  194.673235][ T5559] exfat: Deprecated parameter 'utf8'
[  194.682621][ T5559] exfat: Deprecated parameter 'utf8'
[  194.812085][ T5562] input: syz0 as /devices/virtual/input/input10
[  194.818797][ T5559] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  194.879277][ T5554] loop4: detected capacity change from 0 to 256
[  194.886238][ T3585] [drm:udl_init] *ERROR* Selecting channel failed
[  195.084238][ T3585] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2
[  195.092017][ T3585] [drm] Initialized udl on minor 2
[  195.111154][ T3585] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  195.119742][ T3585] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  195.179954][ T3585] usb 4-1: USB disconnect, device number 13
[  195.207342][ T1069] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  195.370091][ T5554] FAT-fs (loop4): Directory bread(block 64) failed
[  195.378006][ T1069] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed
[  195.424808][ T5554] FAT-fs (loop4): Directory bread(block 65) failed
[  195.446991][ T1069] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  195.464329][ T5554] FAT-fs (loop4): Directory bread(block 66) failed
[  195.497185][ T5554] FAT-fs (loop4): Directory bread(block 67) failed
[  195.591642][ T5554] FAT-fs (loop4): Directory bread(block 68) failed
[  195.641085][ T5554] FAT-fs (loop4): Directory bread(block 69) failed
[  195.670403][ T5554] FAT-fs (loop4): Directory bread(block 70) failed
[  195.690613][ T5554] FAT-fs (loop4): Directory bread(block 71) failed
[  195.758606][ T5561] loop1: detected capacity change from 0 to 32768
[  195.902042][ T5561] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.580 (5561)
[  195.956933][ T5554] FAT-fs (loop4): Directory bread(block 72) failed
[  195.964947][ T5554] FAT-fs (loop4): Directory bread(block 73) failed
[  196.158045][ T5561] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  196.331484][ T5561] BTRFS info (device loop1): using free space tree
[  196.412383][ T5561] BTRFS info (device loop1): has skinny extents
[  197.021178][ T5561] BTRFS info (device loop1): enabling ssd optimizations
[  197.163629][   T26] audit: type=1800 audit(1720554757.917:39): pid=5561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.580" name="file1" dev="loop1" ino=260 res=0 errno=0
[  197.280621][ T5606] netlink: 156 bytes leftover after parsing attributes in process `syz.2.589'.
[  198.384238][ T5613] netlink: 72 bytes leftover after parsing attributes in process `syz.4.586'.
[  198.424639][ T5617] loop0: detected capacity change from 0 to 256
[  198.445051][ T5619] loop2: detected capacity change from 0 to 512
[  198.532322][ T5617] exfat: Deprecated parameter 'utf8'
[  198.540386][ T5617] exfat: Deprecated parameter 'utf8'
[  198.557751][ T5619] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  198.627543][ T5617] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  198.634987][ T5619] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038 (0x7fffffff)
[  200.070708][ T5636] sched: RT throttling activated
[  201.977647][ T5642] netlink: 156 bytes leftover after parsing attributes in process `syz.4.601'.
[  202.409753][ T5648] device syz_tun entered promiscuous mode
[  202.471231][ T5648] device syz_tun left promiscuous mode
[  202.837583][ T5683] netlink: 72 bytes leftover after parsing attributes in process `syz.3.608'.
[  202.848426][ T5679] loop4: detected capacity change from 0 to 256
[  202.907954][ T5679] exfat: Deprecated parameter 'utf8'
[  202.924954][ T5679] exfat: Deprecated parameter 'utf8'
[  203.018854][ T5693] netlink: 156 bytes leftover after parsing attributes in process `syz.2.613'.
[  203.043383][ T5679] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  203.672561][ T5714] loop0: detected capacity change from 0 to 2048
[  203.785994][ T5714] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  203.825284][ T5714] ext4 filesystem being mounted at /41/bus supports timestamps until 2038 (0x7fffffff)
[  203.920519][ T5714] fs-verity: sha512 using implementation "sha512-avx2"
[  204.436552][ T5733] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  204.554309][ T5735] loop1: detected capacity change from 0 to 2048
[  204.674667][ T5735] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  204.796608][ T5707] loop2: detected capacity change from 0 to 32768
[  204.860471][ T5707] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.616 (5707)
[  204.919116][ T5707] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  204.957641][ T5707] BTRFS info (device loop2): using free space tree
[  204.988979][ T5748] netlink: 72 bytes leftover after parsing attributes in process `syz.4.632'.
[  205.005516][ T5707] BTRFS info (device loop2): has skinny extents
[  207.084973][ T5707] BTRFS error (device loop2): open_ctree failed
[  207.332499][ T5804] : renamed from ipvlan1
[  207.351705][   T21] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  207.589110][ T5819] loop0: detected capacity change from 0 to 128
[  207.596451][ T5820] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  207.621267][   T21] usb 2-1: Using ep0 maxpacket: 32
[  207.725505][ T4506] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000074f)
[  207.751158][   T21] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  207.759940][ T4506] FAT-fs (loop0): Filesystem has been set read-only
[  207.776478][   T21] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  207.791354][ T4506] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000074f)
[  207.799411][   T21] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  207.831596][   T21] usb 2-1: config 1 has no interface number 0
[  207.837833][   T21] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  207.856875][   T21] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  207.880515][   T21] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  207.900782][   T21] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.963888][   T21] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  208.081074][ T3585] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  208.171043][ T5798] udc-core: couldn't find an available UDC or it's busy
[  208.190293][ T5798] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  208.287834][ T3639] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.397628][ T3639] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.467468][ T5847] netlink: 8 bytes leftover after parsing attributes in process `syz.3.669'.
[  208.491372][ T3585] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.513864][ T3585] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.545178][ T3585] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  208.573690][ T3585] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.590739][   T21] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  208.607438][ T3639] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.622572][ T3585] usb 3-1: config 0 descriptor??
[  208.707103][ T3639] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.092027][ T3585] hid (null): report_id 55574 is invalid
[  209.183983][ T5849] chnl_net:caif_netlink_parms(): no params data found
[  209.302602][ T5659] usb 3-1: USB disconnect, device number 6
[  209.536330][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.572094][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.605479][ T5849] device bridge_slave_0 entered promiscuous mode
[  209.621583][ T5881] syz.3.675 uses obsolete (PF_INET,SOCK_PACKET)
[  209.633817][   T21] snd_usb_pod 2-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  209.731813][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.740781][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.753687][ T5849] device bridge_slave_1 entered promiscuous mode
[  209.918142][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.985066][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.007141][ T5659] usb 2-1: USB disconnect, device number 8
[  210.021257][ T5659] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  210.362648][ T5849] team0: Port device team_slave_0 added
[  210.380323][ T5905] netlink: 8 bytes leftover after parsing attributes in process `syz.4.681'.
[  210.478591][   T26] audit: type=1800 audit(1720554771.207:40): pid=5907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.680" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  211.002910][   T21] Bluetooth: hci1: command 0x0409 tx timeout
[  211.216836][ T5849] team0: Port device team_slave_1 added
[  211.232494][ T5915] netlink: 20 bytes leftover after parsing attributes in process `syz.1.685'.
[  211.331846][ T3639] device hsr_slave_0 left promiscuous mode
[  211.383702][ T3639] device hsr_slave_1 left promiscuous mode
[  211.401350][ T3639] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  211.408860][ T3639] batman_adv: batadv0: Removing interface: batadv_slave_0
[  211.463679][ T3639] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  211.477109][ T3639] batman_adv: batadv0: Removing interface: batadv_slave_1
[  211.500741][ T3639] device bridge_slave_1 left promiscuous mode
[  211.519798][ T3639] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.567382][ T3639] device bridge_slave_0 left promiscuous mode
[  211.577179][ T3639] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.625926][ T3639] device veth1_macvtap left promiscuous mode
[  211.654672][ T3639] device veth0_macvtap left promiscuous mode
[  211.679319][ T3639] device veth1_vlan left promiscuous mode
[  211.703663][ T3639] device veth0_vlan left promiscuous mode
[  212.388227][ T3639] team0 (unregistering): Port device team_slave_1 removed
[  212.418809][ T3639] team0 (unregistering): Port device team_slave_0 removed
[  212.471375][ T3639] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  212.547072][ T3639] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  212.918035][ T3639] bond0 (unregistering): Released all slaves
[  213.037906][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[  213.062003][ T3585] Bluetooth: hci1: command 0x041b tx timeout
[  213.073393][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  213.155503][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  213.182513][ T5953] netlink: 8 bytes leftover after parsing attributes in process `syz.1.693'.
[  213.210364][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[  213.227168][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  213.325599][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  213.361912][ T5955] netlink: 8 bytes leftover after parsing attributes in process `syz.1.694'.
[  213.480864][ T5849] device hsr_slave_0 entered promiscuous mode
[  213.505465][ T5849] device hsr_slave_1 entered promiscuous mode
[  213.532906][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  213.552717][ T5849] Cannot create hsr debugfs directory
[  213.751700][ T3523] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  213.753259][ T5970] ipt_CLUSTERIP: Please specify destination IP
[  213.761844][ T3523] CPU: 1 PID: 3523 Comm: kworker/u5:7 Not tainted 5.15.162-syzkaller #0
[  213.761914][ T3523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  213.761930][ T3523] Workqueue: hci3 hci_rx_work
[  213.761960][ T3523] Call Trace:
[  213.761968][ T3523]  <TASK>
[  213.797338][ T3523]  dump_stack_lvl+0x1e3/0x2d0
[  213.802026][ T3523]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  213.807657][ T3523]  ? panic+0x860/0x860
[  213.811728][ T3523]  ? sysfs_create_dir_ns+0x282/0x390
[  213.817032][ T3523]  sysfs_create_dir_ns+0x2c6/0x390
[  213.822143][ T3523]  ? sysfs_warn_dup+0xa0/0xa0
[  213.826813][ T3523]  ? do_raw_spin_unlock+0x137/0x8b0
[  213.832022][ T3523]  kobject_add_internal+0x6e0/0xe00
[  213.837223][ T3523]  kobject_add+0x14e/0x210
[  213.841652][ T3523]  ? device_add+0x3c2/0xfd0
[  213.846149][ T3523]  ? kobject_init+0x1d0/0x1d0
[  213.850816][ T3523]  ? __raw_spin_lock_init+0x41/0x100
[  213.856097][ T3523]  ? get_device_parent+0x128/0x400
[  213.861207][ T3523]  device_add+0x476/0xfd0
[  213.865543][ T3523]  hci_conn_add_sysfs+0xe4/0x1f0
[  213.870483][ T3523]  le_conn_complete_evt+0xc15/0x1500
[  213.875779][ T3523]  ? cs_le_create_conn+0x5f0/0x5f0
[  213.880902][ T3523]  hci_le_meta_evt+0xd86/0x3f50
[  213.885754][ T3523]  ? __lock_acquire+0x1ff0/0x1ff0
[  213.890773][ T3523]  ? __mutex_lock_common+0x444/0x25a0
[  213.896149][ T3523]  ? hci_remote_host_features_evt+0x280/0x280
[  213.902215][ T3523]  ? __mutex_unlock_slowpath+0x218/0x750
[  213.907845][ T3523]  ? hci_event_packet+0x3b4/0x1550
[  213.912959][ T3523]  ? mutex_unlock+0x10/0x10
[  213.917457][ T3523]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  213.923432][ T3523]  ? print_irqtrace_events+0x210/0x210
[  213.928891][ T3523]  hci_event_packet+0xc41/0x1550
[  213.933854][ T3523]  ? rcu_lock_release+0x20/0x20
[  213.938714][ T3523]  ? hci_send_to_monitor+0x99/0x4d0
[  213.943908][ T3523]  hci_rx_work+0x232/0x990
[  213.948327][ T3523]  process_one_work+0x8a1/0x10c0
[  213.953268][ T3523]  ? worker_detach_from_pool+0x260/0x260
[  213.958900][ T3523]  ? _raw_spin_lock_irqsave+0x120/0x120
[  213.964443][ T3523]  ? kthread_data+0x4e/0xc0
[  213.968944][ T3523]  ? wq_worker_running+0x97/0x170
[  213.973967][ T3523]  worker_thread+0xaca/0x1280
[  213.978649][ T3523]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  213.984560][ T3523]  kthread+0x3f6/0x4f0
[  213.988624][ T3523]  ? rcu_lock_release+0x20/0x20
[  213.993472][ T3523]  ? kthread_blkcg+0xd0/0xd0
[  213.998078][ T3523]  ret_from_fork+0x1f/0x30
[  214.002526][ T3523]  </TASK>
[  214.007165][ T3523] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  214.020865][ T3523] Bluetooth: hci3: failed to register connection device
[  214.357110][ T5988] netlink: 12 bytes leftover after parsing attributes in process `syz.4.703'.
[  214.409866][ T3555] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  214.771204][ T3555] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  214.804384][ T3555] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.859674][ T3555] usb 2-1: config 0 descriptor??
[  214.951073][   T21] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  215.072857][ T5849] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  215.098395][ T5849] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  215.137057][ T5849] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  215.144110][ T3585] Bluetooth: hci1: command 0x040f tx timeout
[  215.180485][ T5849] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  215.361183][ T3555] [drm:udl_init] *ERROR* Selecting channel failed
[  215.361395][   T21] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  215.413794][   T21] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 142, changing to 11
[  215.431789][ T3555] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2
[  215.463295][   T21] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26063, setting to 1024
[  215.484197][ T3555] [drm] Initialized udl on minor 2
[  215.521327][ T3555] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  215.528527][   T21] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  215.541846][ T3555] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  215.554588][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.590131][ T3555] usb 2-1: USB disconnect, device number 9
[  215.626422][   T21] usb 5-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  215.657240][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[  215.676456][   T21] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.762294][   T21] usb 5-1: config 0 descriptor??
[  215.780706][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  215.788489][ T6004] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  215.802136][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  215.831664][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  215.881016][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  215.918513][   T23] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.925690][   T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.012206][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  216.043179][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  216.065944][   T23] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.073115][   T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.124683][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  216.202810][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  216.258033][   T21] gt683r_led 0003:1770:FF00.0005: hidraw0: USB HID v0.00 Device [HID 1770:ff00] on usb-dummy_hcd.4-1/input0
[  216.271250][ T6025] netlink: 72 bytes leftover after parsing attributes in process `syz.1.710'.
[  216.289086][ T5849] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  216.358456][ T5849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  216.401257][ T3927] Bluetooth: hci3: command 0x2016 tx timeout
[  216.454107][ T3555] usb 5-1: USB disconnect, device number 12
[  216.469444][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  216.484590][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  216.532669][ T5652] gt683r_led 0003:1770:FF00.0005: failed to send set report request: -19
[  216.559692][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  216.631329][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  216.662031][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  216.695150][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  216.727744][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  216.756756][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  216.782618][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  216.836347][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  216.874785][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  217.162388][ T6045] netlink: 12 bytes leftover after parsing attributes in process `syz.4.714'.
[  217.244842][ T3927] Bluetooth: hci1: command 0x0419 tx timeout
[  217.262517][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  217.283980][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  217.325213][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[  217.521605][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  217.534096][ T6063] loop1: detected capacity change from 0 to 2048
[  217.571990][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  217.641447][ T5647] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  217.669799][ T5659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  217.682268][ T5659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  217.747681][ T5849] device veth0_vlan entered promiscuous mode
[  217.768627][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  217.768819][ T6063] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  217.785537][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  217.811378][ T6063] ext4 filesystem being mounted at /43/bus supports timestamps until 2038 (0x7fffffff)
[  217.868709][ T5849] device veth1_vlan entered promiscuous mode
[  218.001157][ T5647] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  218.012539][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  218.035559][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  218.041195][ T5647] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.070881][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  218.217612][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  218.230303][ T5849] device veth0_macvtap entered promiscuous mode
[  218.252172][ T5647] usb 5-1: config 0 descriptor??
[  218.294680][ T5849] device veth1_macvtap entered promiscuous mode
[  218.317508][ T6089] netlink: 72 bytes leftover after parsing attributes in process `syz.3.722'.
[  218.459879][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.482781][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.495073][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.506424][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.517573][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.529594][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.541028][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.553811][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.570549][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[  218.601750][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  218.669061][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  218.740260][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  218.807743][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  218.831194][ T5647] [drm:udl_init] *ERROR* Selecting channel failed
[  218.842552][ T5647] [drm] Initialized udl 0.0.1 20120220 for 5-1:0.0 on minor 2
[  218.850383][ T5647] [drm] Initialized udl on minor 2
[  218.871088][ T5647] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  218.883466][ T5647] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  218.892859][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.910715][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.927116][ T5647] usb 5-1: USB disconnect, device number 13
[  218.933232][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.016319][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.027631][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.048809][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.066338][ T6108] loop1: detected capacity change from 0 to 512
[  219.089990][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.120887][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.148350][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[  219.174570][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  219.203404][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  219.236751][ T5849] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  219.281527][ T5849] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  219.305306][ T6108] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  219.315886][ T3585] Bluetooth: hci1: command 0x0411 tx timeout
[  219.316521][ T6108] ext4 filesystem being mounted at /45/bus supports timestamps until 2038 (0x7fffffff)
[  219.427617][ T5849] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  219.488094][ T5849] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  219.555445][ T6125] netlink: 12 bytes leftover after parsing attributes in process `syz.4.728'.
[  219.786639][ T3767] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.864432][ T3767] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.896433][ T3766] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.901132][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  219.926051][ T3766] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  220.004000][ T6140] loop4: detected capacity change from 0 to 2048
[  220.099298][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  220.172549][ T6140] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  220.230917][ T6140] ext4 filesystem being mounted at /144/bus supports timestamps until 2038 (0x7fffffff)
[  220.614199][ T6157] netlink: 72 bytes leftover after parsing attributes in process `syz.2.733'.
[  221.501121][ T3555] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  221.723374][ T6186] loop1: detected capacity change from 0 to 2048
[  221.821133][ T5659] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  221.883464][ T6186] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  221.899284][ T6186] ext4 filesystem being mounted at /47/bus supports timestamps until 2038 (0x7fffffff)
[  221.911205][ T3555] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  221.920495][ T3555] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.930749][ T3555] usb 1-1: config 0 descriptor??
[  221.980262][ T6194] device veth0_to_hsr entered promiscuous mode
[  221.987477][ T6194] device vlan3 entered promiscuous mode
[  222.003473][ T5647] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  222.012125][ T6194] device veth0_to_hsr left promiscuous mode
[  222.068720][ T5659] usb 3-1: Using ep0 maxpacket: 8
[  222.169768][ T6201] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  222.192288][ T5659] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  222.205016][ T5659] usb 3-1: config 179 has no interface number 0
[  222.215937][ T5659] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  222.228753][ T5659] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  222.241075][ T5659] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  222.252933][ T5659] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  222.269138][ T5659] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  222.280478][ T6204] netlink: 72 bytes leftover after parsing attributes in process `syz.1.750'.
[  222.298355][ T5659] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  222.308359][ T5659] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.341603][ T6181] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  222.381156][ T5647] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  222.393875][ T5647] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  222.404080][ T3555] [drm:udl_init] *ERROR* Selecting channel failed
[  222.425119][ T3555] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2
[  222.433231][ T5647] usb 5-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00
[  222.443566][ T3555] [drm] Initialized udl on minor 2
[  222.454961][ T5647] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.471117][ T3555] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  222.488579][ T5647] usb 5-1: config 0 descriptor??
[  222.494037][ T3555] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  222.522895][ T3555] usb 1-1: USB disconnect, device number 4
[  222.681151][ T5650] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  222.782140][ T5659] usb 3-1: USB disconnect, device number 7
[  222.801017][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  222.931044][ T5650] usb 4-1: Using ep0 maxpacket: 32
[  222.974041][ T5647] wacom 0003:056A:0043.0006: item fetching failed at offset 5/7
[  223.008321][ T5647] wacom 0003:056A:0043.0006: parse failed
[  223.020514][ T5647] wacom: probe of 0003:056A:0043.0006 failed with error -22
[  223.051258][ T5650] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  223.081719][ T5650] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.096132][ T5650] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  223.113062][ T5650] usb 4-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  223.122452][ T5650] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.139905][ T5650] usb 4-1: config 0 descriptor??
[  223.184212][ T5647] usb 5-1: USB disconnect, device number 14
[  224.143268][ T5650] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0
[  224.160449][ T5650] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0
[  224.177970][ T5650] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0
[  224.188105][ T5650] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0
[  224.205920][ T5650] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0
[  224.226695][ T5650] ntrig 0003:1B96:000A.0007: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.3-1/input0
[  224.295628][ T6223] input: syz1 as /devices/virtual/input/input11
[  224.662891][ T6224] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.671294][ T6224] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.350137][ T5650] usb 4-1: USB disconnect, device number 14
[  225.444191][ T6228] loop0: detected capacity change from 0 to 2048
[  225.543280][ T6230] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  225.598608][ T6228] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  225.611009][ T6228] ext4 filesystem being mounted at /8/bus supports timestamps until 2038 (0x7fffffff)
[  225.686427][ T6239] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  225.815450][ T6243] loop0: detected capacity change from 0 to 512
[  225.905097][ T6243] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  225.916605][ T6243] ext4 filesystem being mounted at /9/bus supports timestamps until 2038 (0x7fffffff)
[  225.981440][ T3554] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  226.061264][ T3585] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  226.361124][ T3554] usb 5-1: Using ep0 maxpacket: 32
[  226.848190][ T6252] netlink: 72 bytes leftover after parsing attributes in process `syz.3.763'.
[  226.915826][ T3554] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  226.931269][ T3585] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  227.074251][ T3554] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.088308][ T3585] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.112772][ T3554] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  227.135632][ T3585] usb 2-1: config 0 descriptor??
[  227.150184][ T3554] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  227.160308][ T3554] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.190998][ T3554] usb 5-1: config 0 descriptor??
[  227.511345][ T3927] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  227.611206][ T3585] [drm:udl_init] *ERROR* Selecting channel failed
[  227.674529][ T3585] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2
[  227.683759][ T3585] [drm] Initialized udl on minor 2
[  227.711430][ T3585] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[  227.724449][ T3585] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  227.751136][ T3554] usbhid 5-1:0.0: can't add hid device: -71
[  227.764798][ T3554] usbhid: probe of 5-1:0.0 failed with error -71
[  227.789165][ T3585] usb 2-1: USB disconnect, device number 10
[  227.814540][ T3554] usb 5-1: USB disconnect, device number 15
[  227.901304][ T3927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.912861][ T3927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.925321][ T3927] usb 4-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00
[  227.934948][ T3927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.961727][ T3927] usb 4-1: config 0 descriptor??
[  228.463988][ T3927] wacom 0003:056A:0043.0008: item fetching failed at offset 5/7
[  228.472227][ T3927] wacom 0003:056A:0043.0008: parse failed
[  228.477994][ T3927] wacom: probe of 0003:056A:0043.0008 failed with error -22
[  228.523528][ T6266] device veth0_to_hsr entered promiscuous mode
[  228.539380][ T6266] device vlan2 entered promiscuous mode
[  228.880462][ T6266] device veth0_to_hsr left promiscuous mode
[  229.454134][ T3512] usb 4-1: USB disconnect, device number 15
[  229.484512][ T6269] loop2: detected capacity change from 0 to 1024
[  229.808802][ T6269] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback.
[  229.880848][   T26] audit: type=1800 audit(1720554790.627:41): pid=6269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.768" name="bus" dev="loop2" ino=18 res=0 errno=0
[  230.085186][ T6278] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.092576][ T6278] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.255123][ T3585] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  230.880388][ T6280] loop0: detected capacity change from 0 to 2048
[  230.931106][    C0] ------------[ cut here ]------------
[  230.931164][    C0] 
[  230.931170][    C0] ======================================================
[  230.931183][    C0] WARNING: possible circular locking dependency detected
[  230.931189][    C0] 5.15.162-syzkaller #0 Not tainted
[  230.931199][    C0] ------------------------------------------------------
[  230.931204][    C0] syz.3.765/6258 is trying to acquire lock:
[  230.931214][    C0] ffffffff8c7fc378 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x1c/0xa0
[  230.931260][    C0] 
[  230.931260][    C0] but task is already holding lock:
[  230.931265][    C0] ffff8880b9a28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260
[  230.931302][    C0] 
[  230.931302][    C0] which lock already depends on the new lock.
[  230.931302][    C0] 
[  230.931306][    C0] 
[  230.931306][    C0] the existing dependency chain (in reverse order) is:
[  230.931310][    C0] 
[  230.931310][    C0] -> #3 (&base->lock){-.-.}-{2:2}:
[  230.931330][    C0]        lock_acquire+0x1db/0x4f0
[  230.931345][    C0]        _raw_spin_lock_irqsave+0xd1/0x120
[  230.931365][    C0]        lock_timer_base+0x120/0x260
[  230.931381][    C0]        __mod_timer+0x1d6/0xeb0
[  230.931397][    C0]        queue_delayed_work_on+0x156/0x250
[  230.931414][    C0]        enqueue_task+0x2fe/0x3a0
[  230.931430][    C0]        wake_up_new_task+0x515/0xb60
[  230.931449][    C0]        kernel_clone+0x44e/0x960
[  230.931462][    C0]        kernel_thread+0x168/0x1e0
[  230.931476][    C0]        rest_init+0x21/0x330
[  230.931491][    C0]        start_kernel+0x48c/0x540
[  230.931508][    C0]        secondary_startup_64_no_verify+0xb1/0xbb
[  230.931528][    C0] 
[  230.931528][    C0] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  230.931549][    C0]        lock_acquire+0x1db/0x4f0
[  230.931561][    C0]        _raw_spin_lock_nested+0x2d/0x40
[  230.931575][    C0]        raw_spin_rq_lock_nested+0x26/0x140
[  230.931590][    C0]        task_fork_fair+0x5d/0x350
[  230.931605][    C0]        sched_cgroup_fork+0x2d3/0x330
[  230.931622][    C0]        copy_process+0x224a/0x3ef0
[  230.931637][    C0]        kernel_clone+0x210/0x960
[  230.931652][    C0]        kernel_thread+0x168/0x1e0
[  230.931666][    C0]        rest_init+0x21/0x330
[  230.931682][    C0]        start_kernel+0x48c/0x540
[  230.931699][    C0]        secondary_startup_64_no_verify+0xb1/0xbb
[  230.931715][    C0] 
[  230.931715][    C0] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  230.931736][    C0]        lock_acquire+0x1db/0x4f0
[  230.931741][ T3585] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  230.931749][    C0]        _raw_spin_lock_irqsave+0xd1/0x120
[  230.931767][    C0]        try_to_wake_up+0xae/0x1300
[  230.931783][    C0]        up+0x6e/0x90
[  230.931796][    C0]        __up_console_sem+0x11a/0x1e0
[  230.931810][    C0]        console_unlock+0x1145/0x12b0
[  230.931825][    C0]        vprintk_emit+0xbf/0x150
[  230.931839][    C0]        _printk+0xd1/0x120
[  230.931857][    C0]        addrconf_notify+0xa80/0xf30
[  230.931874][    C0]        raw_notifier_call_chain+0xd0/0x170
[  230.931894][    C0]        netdev_state_change+0x1a3/0x250
[  230.931913][    C0]        linkwatch_do_dev+0x10c/0x160
[  230.931932][    C0]        __linkwatch_run_queue+0x4ca/0x7f0
[  230.931951][    C0]        linkwatch_event+0x48/0x50
[  230.931968][    C0]        process_one_work+0x8a1/0x10c0
[  230.931986][    C0]        worker_thread+0xaca/0x1280
[  230.932003][    C0]        kthread+0x3f6/0x4f0
[  230.932017][    C0]        ret_from_fork+0x1f/0x30
[  230.932033][    C0] 
[  230.932033][    C0] -> #0 ((console_sem).lock){-.-.}-{2:2}:
[  230.932057][    C0]        validate_chain+0x1649/0x5930
[  230.932072][    C0]        __lock_acquire+0x1295/0x1ff0
[  230.932087][    C0]        lock_acquire+0x1db/0x4f0
[  230.932101][    C0]        _raw_spin_lock_irqsave+0xd1/0x120
[  230.932120][    C0]        down_trylock+0x1c/0xa0
[  230.932137][    C0]        __down_trylock_console_sem+0x105/0x250
[  230.932153][    C0]        console_trylock_spinning+0x8a/0x3f0
[  230.932177][    C0]        vprintk_emit+0xa6/0x150
[  230.932192][    C0]        _printk+0xd1/0x120
[  230.932209][    C0]        report_bug+0x1e5/0x2e0
[  230.932229][    C0]        handle_bug+0x3d/0x70
[  230.932244][    C0]        exc_invalid_op+0x16/0x40
[  230.932260][    C0]        asm_exc_invalid_op+0x16/0x20
[  230.932276][    C0]        copy_from_user_nofault+0x15c/0x1c0
[  230.932293][    C0]        bpf_probe_read_user+0x26/0x70
[  230.932309][    C0]        bpf_prog_02073d59a3c0f06f+0x3d/0xa80
[  230.932323][    C0]        bpf_trace_run3+0x1d1/0x380
[  230.932340][    C0]        enqueue_timer+0x3ae/0x540
[  230.932358][    C0]        __mod_timer+0xa60/0xeb0
[  230.932374][    C0]        mrp_join_timer+0x14b/0x180
[  230.932391][    C0]        call_timer_fn+0x16d/0x560
[  230.932405][    C0]        __run_timers+0x67c/0x890
[  230.932423][    C0]        run_timer_softirq+0x63/0xf0
[  230.932441][    C0]        handle_softirqs+0x3a7/0x930
[  230.932456][    C0]        __irq_exit_rcu+0x157/0x240
[  230.932471][    C0]        irq_exit_rcu+0x5/0x20
[  230.932485][    C0]        sysvec_apic_timer_interrupt+0x43/0xb0
[  230.932504][    C0]        asm_sysvec_apic_timer_interrupt+0x16/0x20
[  230.932521][    C0] 
[  230.932521][    C0] other info that might help us debug this:
[  230.932521][    C0] 
[  230.932527][    C0] Chain exists of:
[  230.932527][    C0]   (console_sem).lock --> &rq->__lock --> &base->lock
[  230.932527][    C0] 
[  230.932554][    C0]  Possible unsafe locking scenario:
[  230.932554][    C0] 
[  230.932558][    C0]        CPU0                    CPU1
[  230.932562][    C0]        ----                    ----
[  230.932566][    C0]   lock(&base->lock);
[  230.932576][    C0]                                lock(&rq->__lock);
[  230.932587][    C0]                                lock(&base->lock);
[  230.932598][    C0]   lock((console_sem).lock);
[  230.932608][    C0] 
[  230.932608][    C0]  *** DEADLOCK ***
[  230.932608][    C0] 
[  230.932611][    C0] 4 locks held by syz.3.765/6258:
[  230.932622][    C0]  #0: ffffc900032c7b40 ((&app->join_timer)){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x560
[  230.932662][    C0]  #1: ffff8880654c3cc8 (&app->lock){+.-.}-{2:2}, at: mrp_join_timer+0xc8/0x180
[  230.932702][    C0]  #2: ffff8880b9a28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260
[  230.932764][    C0]  #3: ffffffff8c91fb20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  230.932807][    C0] 
[  230.932807][    C0] stack backtrace:
[  230.932813][    C0] CPU: 0 PID: 6258 Comm: syz.3.765 Not tainted 5.15.162-syzkaller #0
[  230.932832][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  230.932842][    C0] Call Trace:
[  230.932849][    C0]  <TASK>
[  230.932855][    C0]  dump_stack_lvl+0x1e3/0x2d0
[  230.932876][    C0]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  230.932902][    C0]  ? print_circular_bug+0x12b/0x1a0
[  230.932923][    C0]  check_noncircular+0x2f8/0x3b0
[  230.932945][    C0]  ? add_chain_block+0x850/0x850
[  230.932964][    C0]  ? lockdep_lock+0x11f/0x2a0
[  230.932984][    C0]  ? validate_chain+0x112/0x5930
[  230.933004][    C0]  ? _find_first_zero_bit+0xcf/0xf0
[  230.933028][    C0]  validate_chain+0x1649/0x5930
[  230.933058][    C0]  ? reacquire_held_locks+0x660/0x660
[  230.933076][    C0]  ? data_push_tail+0x693/0x700
[  230.933100][    C0]  ? desc_read+0x3d0/0x3d0
[  230.933120][    C0]  ? is_bpf_text_address+0x24f/0x260
[  230.933141][    C0]  ? mark_lock+0x98/0x340
[  230.933164][    C0]  ? mark_lock+0x98/0x340
[  230.933189][    C0]  __lock_acquire+0x1295/0x1ff0
[  230.933215][    C0]  lock_acquire+0x1db/0x4f0
[  230.933231][    C0]  ? down_trylock+0x1c/0xa0
[  230.933252][    C0]  ? vsnprintf+0x1c70/0x1c70
[  230.933274][    C0]  ? read_lock_is_recursive+0x10/0x10
[  230.933294][    C0]  ? memcpy+0x3c/0x60
[  230.933313][    C0]  ? vsnprintf+0x1b96/0x1c70
[  230.933335][    C0]  ? _prb_commit+0x30a/0x3e0
[  230.933355][    C0]  ? prb_reserve+0x1240/0x1240
[  230.933376][    C0]  _raw_spin_lock_irqsave+0xd1/0x120
[  230.933398][    C0]  ? down_trylock+0x1c/0xa0
[  230.933418][    C0]  ? _raw_spin_lock+0x40/0x40
[  230.933441][    C0]  ? vprintk_store+0xf1b/0x1300
[  230.933461][    C0]  down_trylock+0x1c/0xa0
[  230.933483][    C0]  __down_trylock_console_sem+0x105/0x250
[  230.933504][    C0]  ? printk_parse_prefix+0x2c0/0x2c0
[  230.933523][    C0]  ? vprintk_emit+0xa6/0x150
[  230.933540][    C0]  ? console_trylock+0x70/0x70
[  230.933561][    C0]  ? validate_chain+0x112/0x5930
[  230.933581][    C0]  ? vprintk_emit+0xa6/0x150
[  230.933599][    C0]  console_trylock_spinning+0x8a/0x3f0
[  230.933619][    C0]  ? vprintk_emit+0x150/0x150
[  230.933637][    C0]  ? reacquire_held_locks+0x660/0x660
[  230.933657][    C0]  ? validate_chain+0x112/0x5930
[  230.933677][    C0]  ? reacquire_held_locks+0x660/0x660
[  230.933698][    C0]  vprintk_emit+0xa6/0x150
[  230.933729][    C0]  _printk+0xd1/0x120
[  230.933750][    C0]  ? report_bug+0x16e/0x2e0
[  230.933768][    C0]  ? panic+0x860/0x860
[  230.933790][    C0]  ? find_bug+0x9c/0x350
[  230.933809][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  230.933826][    C0]  report_bug+0x1e5/0x2e0
[  230.933848][    C0]  handle_bug+0x3d/0x70
[  230.933866][    C0]  exc_invalid_op+0x16/0x40
[  230.933884][    C0]  asm_exc_invalid_op+0x16/0x20
[  230.933926][    C0] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0
[  230.933948][    C0] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 ab cd d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 94 cd d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff
[  230.933964][    C0] RSP: 0000:ffffc900032c77c0 EFLAGS: 00010046
[  230.933979][    C0] RAX: ffffffff81aa8dcc RBX: 0000000000000000 RCX: ffff888079d78000
[  230.933993][    C0] RDX: 0000000000000103 RSI: 0000000000000000 RDI: 0000000000000000
[  230.934005][    C0] RBP: dffffc0000000000 R08: ffffffff81aa8cdd R09: fffffbfff1f7f219
[  230.934020][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[  230.934033][    C0] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc900032c7828
[  230.934049][    C0]  ? copy_from_user_nofault+0x6d/0x1c0
[  230.934067][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  230.934096][    C0]  bpf_probe_read_user+0x26/0x70
[  230.934117][    C0]  bpf_prog_02073d59a3c0f06f+0x3d/0xa80
[  230.934152][    C0]  bpf_trace_run3+0x1d1/0x380
[  230.934176][    C0]  ? _raw_spin_lock_irqsave+0xac/0x120
[  230.934200][    C0]  ? bpf_trace_run2+0x340/0x340
[  230.934220][    C0]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  230.934243][    C0]  ? _raw_spin_lock+0x40/0x40
[  230.934270][    C0]  enqueue_timer+0x3ae/0x540
[  230.934294][    C0]  __mod_timer+0xa60/0xeb0
[  230.934320][    C0]  ? mod_timer_pending+0x20/0x20
[  230.934345][    C0]  ? prandom_u32+0x218/0x260
[  230.934368][    C0]  mrp_join_timer+0x14b/0x180
[  230.934388][    C0]  call_timer_fn+0x16d/0x560
[  230.934408][    C0]  ? mrp_init_applicant+0x500/0x500
[  230.934427][    C0]  ? __run_timers+0x890/0x890
[  230.934452][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  230.934473][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  230.934495][    C0]  ? mrp_init_applicant+0x500/0x500
[  230.934514][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  230.934536][    C0]  ? mrp_init_applicant+0x500/0x500
[  230.934555][    C0]  __run_timers+0x67c/0x890
[  230.934584][    C0]  ? detach_timer+0x2f0/0x2f0
[  230.934605][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  230.934628][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  230.934652][    C0]  run_timer_softirq+0x63/0xf0
[  230.934675][    C0]  handle_softirqs+0x3a7/0x930
[  230.934696][    C0]  ? __irq_exit_rcu+0x157/0x240
[  230.934717][    C0]  ? do_softirq+0x240/0x240
[  230.934738][    C0]  ? irqtime_account_irq+0xd0/0x1e0
[  230.934761][    C0]  __irq_exit_rcu+0x157/0x240
[  230.934780][    C0]  ? irq_exit_rcu+0x20/0x20
[  230.934802][    C0]  irq_exit_rcu+0x5/0x20
[  230.934819][    C0]  sysvec_apic_timer_interrupt+0x43/0xb0
[  230.934843][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  230.934863][    C0] RIP: 0033:0x7f1500ccf4e6
[  230.934879][    C0] Code: 49 01 c3 49 d1 fb 4c 39 de 0f 8d 95 00 00 00 49 89 f2 eb 03 49 89 c2 49 8d 52 01 48 8d 04 12 48 c1 e2 04 48 8d 0c 17 48 8b 31 <48> 3b 74 17 f8 73 0b 48 83 e8 01 48 8d 0c c7 48 8b 31 4a 89 34 d7
[  230.934896][    C0] RSP: 002b:00007ffcb95ac828 EFLAGS: 00000202
[  230.934911][    C0] RAX: 0000000000000062 RBX: 00000000000002d6 RCX: 00007f1500277cb8
[  230.934924][    C0] RDX: 0000000000000310 RSI: ffffffff883e5ade RDI: 00007f15002779a8
[  230.934938][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff882f5df3
[  230.934952][    C0] R10: 0000000000000030 R11: 000000000000016a R12: 00007f15002779a8
[  230.934965][    C0] R13: 0000000000000000 R14: 00007f150007c008 R15: 00007f1500f86f60
[  230.934981][    C0]  ? consume_skb+0x103/0x140
[  230.935003][    C0]  ? sk_filter_trim_cap+0xae/0x8f0
[  230.935028][    C0]  </TASK>
[  230.937326][ T3585] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  230.939642][    C0] WARNING: CPU: 0 PID: 6258 at mm/maccess.c:226 copy_from_user_nofault+0x15c/0x1c0
[  230.963848][ T3585] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  230.965837][    C0] Modules linked in:
[  232.167605][    C0] CPU: 0 PID: 6258 Comm: syz.3.765 Not tainted 5.15.162-syzkaller #0
[  232.175648][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  232.185679][    C0] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0
[  232.191817][    C0] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 ab cd d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 94 cd d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff
[  232.211399][    C0] RSP: 0000:ffffc900032c77c0 EFLAGS: 00010046
[  232.217444][    C0] RAX: ffffffff81aa8dcc RBX: 0000000000000000 RCX: ffff888079d78000
[  232.225400][    C0] RDX: 0000000000000103 RSI: 0000000000000000 RDI: 0000000000000000
[  232.233350][    C0] RBP: dffffc0000000000 R08: ffffffff81aa8cdd R09: fffffbfff1f7f219
[  232.241301][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[  232.249251][    C0] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc900032c7828
[  232.257206][    C0] FS:  0000555555637500(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[  232.266113][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  232.272799][    C0] CR2: 0000001b2f1d8ff8 CR3: 000000001ea8d000 CR4: 00000000003506f0
[  232.280762][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  232.288724][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  232.296674][    C0] Call Trace:
[  232.299936][    C0]  <TASK>
[  232.302850][    C0]  ? __warn+0x15b/0x300
[  232.306993][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  232.312522][    C0]  ? report_bug+0x1b7/0x2e0
[  232.317011][    C0]  ? handle_bug+0x3d/0x70
[  232.321328][    C0]  ? exc_invalid_op+0x16/0x40
[  232.325984][    C0]  ? asm_exc_invalid_op+0x16/0x20
[  232.331013][    C0]  ? copy_from_user_nofault+0x6d/0x1c0
[  232.336453][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  232.341981][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  232.347509][    C0]  bpf_probe_read_user+0x26/0x70
[  232.352428][    C0]  bpf_prog_02073d59a3c0f06f+0x3d/0xa80
[  232.357953][    C0]  bpf_trace_run3+0x1d1/0x380
[  232.362613][    C0]  ? _raw_spin_lock_irqsave+0xac/0x120
[  232.368053][    C0]  ? bpf_trace_run2+0x340/0x340
[  232.372883][    C0]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  232.378324][    C0]  ? _raw_spin_lock+0x40/0x40
[  232.382986][    C0]  enqueue_timer+0x3ae/0x540
[  232.387567][    C0]  __mod_timer+0xa60/0xeb0
[  232.391969][    C0]  ? mod_timer_pending+0x20/0x20
[  232.396889][    C0]  ? prandom_u32+0x218/0x260
[  232.401457][    C0]  mrp_join_timer+0x14b/0x180
[  232.406115][    C0]  call_timer_fn+0x16d/0x560
[  232.410681][    C0]  ? mrp_init_applicant+0x500/0x500
[  232.415869][    C0]  ? __run_timers+0x890/0x890
[  232.420550][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  232.425743][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  232.430924][    C0]  ? mrp_init_applicant+0x500/0x500
[  232.436099][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  232.441297][    C0]  ? mrp_init_applicant+0x500/0x500
[  232.446474][    C0]  __run_timers+0x67c/0x890
[  232.450972][    C0]  ? detach_timer+0x2f0/0x2f0
[  232.455629][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  232.461697][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  232.466896][    C0]  run_timer_softirq+0x63/0xf0
[  232.471659][    C0]  handle_softirqs+0x3a7/0x930
[  232.476405][    C0]  ? __irq_exit_rcu+0x157/0x240
[  232.481234][    C0]  ? do_softirq+0x240/0x240
[  232.485718][    C0]  ? irqtime_account_irq+0xd0/0x1e0
[  232.490899][    C0]  __irq_exit_rcu+0x157/0x240
[  232.495552][    C0]  ? irq_exit_rcu+0x20/0x20
[  232.500033][    C0]  irq_exit_rcu+0x5/0x20
[  232.504259][    C0]  sysvec_apic_timer_interrupt+0x43/0xb0
[  232.509875][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  232.515835][    C0] RIP: 0033:0x7f1500ccf4e6
[  232.520229][    C0] Code: 49 01 c3 49 d1 fb 4c 39 de 0f 8d 95 00 00 00 49 89 f2 eb 03 49 89 c2 49 8d 52 01 48 8d 04 12 48 c1 e2 04 48 8d 0c 17 48 8b 31 <48> 3b 74 17 f8 73 0b 48 83 e8 01 48 8d 0c c7 48 8b 31 4a 89 34 d7
[  232.539809][    C0] RSP: 002b:00007ffcb95ac828 EFLAGS: 00000202
[  232.545859][    C0] RAX: 0000000000000062 RBX: 00000000000002d6 RCX: 00007f1500277cb8
[  232.553812][    C0] RDX: 0000000000000310 RSI: ffffffff883e5ade RDI: 00007f15002779a8
[  232.561767][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff882f5df3
[  232.569727][    C0] R10: 0000000000000030 R11: 000000000000016a R12: 00007f15002779a8
[  232.577680][    C0] R13: 0000000000000000 R14: 00007f150007c008 R15: 00007f1500f86f60
[  232.585633][    C0]  ? consume_skb+0x103/0x140
[  232.590235][    C0]  ? sk_filter_trim_cap+0xae/0x8f0
[  232.595374][    C0]  </TASK>
[  232.598390][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  232.605651][    C0] CPU: 0 PID: 6258 Comm: syz.3.765 Not tainted 5.15.162-syzkaller #0
[  232.613701][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  232.623743][    C0] Call Trace:
[  232.627006][    C0]  <TASK>
[  232.629922][    C0]  dump_stack_lvl+0x1e3/0x2d0
[  232.634612][    C0]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  232.640229][    C0]  ? panic+0x860/0x860
[  232.644284][    C0]  ? panic+0x860/0x860
[  232.648336][    C0]  ? copy_from_user_nofault+0x90/0x1c0
[  232.653783][    C0]  ? copy_from_user_nofault+0x90/0x1c0
[  232.659218][    C0]  panic+0x318/0x860
[  232.663099][    C0]  ? __warn+0x16a/0x300
[  232.667236][    C0]  ? fb_is_primary_device+0xd0/0xd0
[  232.672422][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  232.677946][    C0]  __warn+0x2b2/0x300
[  232.681920][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  232.687449][    C0]  report_bug+0x1b7/0x2e0
[  232.691762][    C0]  handle_bug+0x3d/0x70
[  232.695897][    C0]  exc_invalid_op+0x16/0x40
[  232.700400][    C0]  asm_exc_invalid_op+0x16/0x20
[  232.705231][    C0] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0
[  232.711369][    C0] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 ab cd d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 94 cd d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff
[  232.730970][    C0] RSP: 0000:ffffc900032c77c0 EFLAGS: 00010046
[  232.737046][    C0] RAX: ffffffff81aa8dcc RBX: 0000000000000000 RCX: ffff888079d78000
[  232.745005][    C0] RDX: 0000000000000103 RSI: 0000000000000000 RDI: 0000000000000000
[  232.752962][    C0] RBP: dffffc0000000000 R08: ffffffff81aa8cdd R09: fffffbfff1f7f219
[  232.760925][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[  232.768884][    C0] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc900032c7828
[  232.776873][    C0]  ? copy_from_user_nofault+0x6d/0x1c0
[  232.782327][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  232.787881][    C0]  bpf_probe_read_user+0x26/0x70
[  232.792814][    C0]  bpf_prog_02073d59a3c0f06f+0x3d/0xa80
[  232.798352][    C0]  bpf_trace_run3+0x1d1/0x380
[  232.803031][    C0]  ? _raw_spin_lock_irqsave+0xac/0x120
[  232.808499][    C0]  ? bpf_trace_run2+0x340/0x340
[  232.813350][    C0]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  232.818807][    C0]  ? _raw_spin_lock+0x40/0x40
[  232.823487][    C0]  enqueue_timer+0x3ae/0x540
[  232.828081][    C0]  __mod_timer+0xa60/0xeb0
[  232.832492][    C0]  ? mod_timer_pending+0x20/0x20
[  232.837425][    C0]  ? prandom_u32+0x218/0x260
[  232.842005][    C0]  mrp_join_timer+0x14b/0x180
[  232.846672][    C0]  call_timer_fn+0x16d/0x560
[  232.851246][    C0]  ? mrp_init_applicant+0x500/0x500
[  232.856430][    C0]  ? __run_timers+0x890/0x890
[  232.861094][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  232.866278][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  232.871460][    C0]  ? mrp_init_applicant+0x500/0x500
[  232.876641][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  232.881833][    C0]  ? mrp_init_applicant+0x500/0x500
[  232.887017][    C0]  __run_timers+0x67c/0x890
[  232.891512][    C0]  ? detach_timer+0x2f0/0x2f0
[  232.896172][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  232.902136][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  232.907322][    C0]  run_timer_softirq+0x63/0xf0
[  232.912077][    C0]  handle_softirqs+0x3a7/0x930
[  232.916824][    C0]  ? __irq_exit_rcu+0x157/0x240
[  232.921658][    C0]  ? do_softirq+0x240/0x240
[  232.926144][    C0]  ? irqtime_account_irq+0xd0/0x1e0
[  232.931327][    C0]  __irq_exit_rcu+0x157/0x240
[  232.935988][    C0]  ? irq_exit_rcu+0x20/0x20
[  232.940476][    C0]  irq_exit_rcu+0x5/0x20
[  232.944700][    C0]  sysvec_apic_timer_interrupt+0x43/0xb0
[  232.950318][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  232.956284][    C0] RIP: 0033:0x7f1500ccf4e6
[  232.960682][    C0] Code: 49 01 c3 49 d1 fb 4c 39 de 0f 8d 95 00 00 00 49 89 f2 eb 03 49 89 c2 49 8d 52 01 48 8d 04 12 48 c1 e2 04 48 8d 0c 17 48 8b 31 <48> 3b 74 17 f8 73 0b 48 83 e8 01 48 8d 0c c7 48 8b 31 4a 89 34 d7
[  232.980372][    C0] RSP: 002b:00007ffcb95ac828 EFLAGS: 00000202
[  232.986422][    C0] RAX: 0000000000000062 RBX: 00000000000002d6 RCX: 00007f1500277cb8
[  232.994392][    C0] RDX: 0000000000000310 RSI: ffffffff883e5ade RDI: 00007f15002779a8
[  233.002348][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff882f5df3
[  233.010299][    C0] R10: 0000000000000030 R11: 000000000000016a R12: 00007f15002779a8
[  233.018249][    C0] R13: 0000000000000000 R14: 00007f150007c008 R15: 00007f1500f86f60
[  233.026204][    C0]  ? consume_skb+0x103/0x140
[  233.030776][    C0]  ? sk_filter_trim_cap+0xae/0x8f0
[  233.035890][    C0]  </TASK>
[  234.166201][    C0] Shutting down cpus with NMI
[  234.171361][    C0] Kernel Offset: disabled
[  234.175678][    C0] Rebooting in 86400 seconds..